Authentication Service use roles to identify the access permissions that a user or
service account has to the resources provided by SASE. Each available
role is comprised of one or more permissions. Each permission grants some
kind of access (such as
read) to a SASE service (such as Prisma Access
There is an API that you can use to list all roles. You can also view this information in the multitenant user interface. Finally, you can look at List of all Roles.
Similarly, there is an API that you can use to list all permissions.
Both the list of roles and permissions will change over time as Prisma SASE offers additional services and features.