Cortex User Role in CSP

Cortex User Role in CSP

466
Created On 04/21/26 01:54 AM - Last Modified 04/22/26 21:39 PM


Symptom


Overview

The Cortex User Role is a newly introduced role in the Customer Support Portal (CSP) designed to ensure that only relevant user data is accessed and displayed within the Cortex Gateway (GW).

This enhancement addresses data privacy and legal compliance requirements, ensuring that Cortex Gateway only retrieves users explicitly designated for Cortex-related access.

A new Cortex User Role has been introduced in CSP to:

  • Explicitly identify users relevant to Cortex applications.

  • Restrict data synchronization to only those users assigned this role.

  • Improve compliance with updated Cortex Cloud privacy policies.

Environment


Key Changes

1. New Role: Cortex User

  • A dedicated role in CSP assigned by Super Users.

  • Only users with this role will be:

    • Pulled into Cortex Gateway

    • Visible in Cortex user management interfaces

2. Filtered Data Sync in Cortex Gateway

  • Cortex Gateway will:

    • Fetch only users with the Cortex User role

    • Avoid storing unnecessary or unrelated user data

3. One-Time Data Cleanup

  • A one-time cleanup process will:

    • Remove previously cached users not assigned the Cortex role

    • Ensure compliance with updated data handling policies

4. Bulk Role Assignment

Admins will have the ability to:

  • Perform bulk updates to assign the Cortex role

  • Apply updates to:

    • Existing users (migration phase)

    • Future users (ongoing management)

Admin Responsibilities

Super Users must:

  • Identify users who require access to Cortex applications

  • Assign the Cortex User Role to those users

  • Use bulk update capabilities for large user sets

End User Impact

  • Users without the Cortex role:

    • Will not appear in Cortex Gateway

    • Will not be assignable to Cortex roles (e.g., XDR)

  • Users with the Cortex role:

    • Will have full visibility and eligibility within Cortex

FAQs

Q1: Why is this change required?

To comply with  data privacy regulations and ensure that only relevant user data is processed by Cortex systems.

Q2: What happens if no action is taken?

Users without the Cortex role will:

  • Not appear in Cortex Gateway

  • Lose access to Cortex-related functionality

Q3: Who can assign the Cortex User role?

  • CSP Admins and Super Users

Q4: Can roles be updated in bulk?

Yes, bulk role assignment is supported for efficient migration and ongoing management.

Q5: Will this impact APIs?

  • Existing APIs will not be restricted

  • Filtering will occur at the Cortex Gateway level

Best Practices

  • Assign the Cortex role only to users who need Cortex access

  • Complete migration before enforcement deadlines

  • Use bulk updates to minimize manual effort

Next Steps

  • Review your current user base

  • Identify Cortex-relevant users

  • Assign the Cortex User Role

  • Validate user visibility in Cortex Gateway
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000wkzuKAA&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail