This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

CSP Groups and Roles Assignment question

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

CSP Groups and Roles Assignment question

mtafur
L1 Bithead

‎01-05-2024 07:26 PM

We have two account numbers.

 

For some reason, AIOps wouldn't activate in the "old" account number where all my firewalls are.

Cortex XDR is on the other "newer" account number. The SE suggested we move everything from the old to the new account number.

Problem is, we have different teams and need to limite some asset access.

 

So, according to this Support Portal User Role Matrix - Knowledge Base - Palo Alto Networks we came up with this:

- There should be two "general" super users/Domain Admins role for the sake of redundancy.

- Groups are needed as some assets are managed by different teams. There will be a CSP Group per each team.

Each group should have their own assets assigned.

- Each group should have "group super users" and "group standard users" role. This should allow them to manage their own group and access the support portal for their respective assets only and for Cortex XDR.

- There may be users within the groups with Group Limited or Group BPA roles. These users won't be able to get into Support Portal.

- Some group users need to be able to get into Cortex XDR. Group roles won't allow it so there is a "Cloud Product" role which does allow it. That means, some users will have two roles: Cloud Product + Group Role.

 

Is this achievable? We have been testing and came up with some issues with Support Portal. Already opened a case with PANW (02845505) about this as I found a post here recommending to open it as PANW will fix it in their backend.

mtafur_0-1704511524725.png

 

Thanks for any input you may have.

 

0 Likes Likes
3 REPLIES 3

mtafur
L1 Bithead

‎01-05-2024 07:32 PM

Interestingly, I cannot access with the test account that has Cloud Product + Group Super User to the KB. Same issue. Changed the account to Super user and problem persists. 

Hopefully PANW can fix this issue.

0 Likes Likes

JayGolf
Community Team Member
In response to mtafur

‎01-10-2024 10:13 AM

Hi @mtafur ,

 

Keep us updated on how your case goes. Please let me know if you don't hear anything back on this. 

LIVEcommunity team member
Stay Secure,
Jay
Don't forget to Like items if a post is helpful to you!

Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
0 Likes Likes

mtafur
L1 Bithead
In response to JayGolf

‎01-10-2024 04:27 PM

Hi @JayGolf . Case still going. They tried to fix their backend but no joy. It is currently in "Researching" status.

I engaged with my SE as this was his suggestion. I'm a bit worried as this is impacting my timeline for AIOps deployment.

Hopefully they'll fix this week. Whatsmore, I have issues with onboarding devices to AIOps...that's another ticket!

0 Likes Likes
  • 990 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks