This topic outlines the required permissions for a Palo Alto Networks least-privileged user (LPU).
In order to use all the features of the management pack, an Admin Role associated with the monitoring user must have the following XML API permissions:
- Operational Requests
To assign the permissions in the Palo Alto Networks Web UI:
Select Device > Admin Roles to define your Admin Role profile.
- Select your defined Admin Role.
In the Admin Role Profile window, click the XML API tab, and ensure Log, Configuration, and Operational Requests permissions are enabled.Note: Web UI and Command line permissions are not required.
- If only Operational Requests and Configuration are specified, the collector will not return threat events. This is not a recommended configuration, but Test Connection will pass with a failing optional test.