App Security Entitlements

Table 1.
Entitlement Description
App Security Admin Write Access Full read/write access to all App Security console pages.
App Security Admin Read Access Read‑only access to all App Security console pages.
App Security Home Page Write Access Access and manage the Home page (read/write).
App Security Home Page Read Access Access the Home page (read only).
App Security CSPM Write Access Access and manage Analyze > CSPM page (read/write).
App Security CSPM Read Access Access Analyze > CSPMpage (read only).
App Security SSPM Write Access Access and manage Analyze > SSPMpage (read/write)
App Security SSPM Read Access Access Analyze > SSPMpage (read only).
App Security Device Management SmartEdge Write Access
  • Access and manage Analyze > Devices > Smart Edge Agentspage (read/write).
  • Manage Smart Edge agent details, including set uninstallable, set IT device, and set blocked.
App Security Device Management SmartEdge Read Access
  • Access Analyze > Devices > Smart Edge Agentspage (read only).
  • View Smart Edge Agent details.
App Security Applications/Policies Write Access
  • Manage Protect > Policies (read/write).
  • Access Protect > Add Applications > Managed Apps.
  • Create default API policies.
  • Edit applications and save policy and ZTNA resolver configurations.
App Security Applications/Policies Read Access
  • Access Protect > Policies(read only).
App Security API Write Access
  • Access and manage Protect > API page(read/write).
App Security API Read Access
  • Access Protect > API page(read only).
App Security Common Objects Write Access
  • Access and manage Protect > Objects > Common Objects(read/write).
App Security Common Objects Read Access
  • Access Protect > Objects > Common Objects(read only).
App Security DLP Objects Write Access
  • Access and manage Protect > Objects > DLP Objects(read/write).
App Security DLP Objects Read Access
  • Access Protect > Objects > DLP Objects(read only).
App Security Custom Locations Write Access
  • Access and manage Protect > Objects > Custom locations(read/write).
App Security Custom Locations Read Access
  • Access Protect > Objects > Custom Locations(read only).
App Security Notifications Write Access
  • Manage Protect > Notifications > Inline Popup, User Emails, Group Emails.
  • Create,update and delete via notification REST API.
App Security Notifications Read Access
  • Read‑only access to all Notifications pages.
  • List notifications via REST API.
  • Enables Notifications tab visibility
App Security Other Messages Write Access
  • Access and Manage Protect > Notifications > Other Messagespage (read/write).
App Security Other Messages Read Access
  • Access Protect > Notifications > Other Messagespage (read only).
App Security Email Reports Write Access
  • Access and manage Protect > Notifications > Email Reportspage (read/write).
App Security Email Reports Read Access
  • Access Protect > Notifications > Email Reportspage (read only).
App Security Smart Edge Proxy Configuration Write Access
  • Manage Protect > Forward Proxy > SmartEdge Proxypage (read/write).
App Security Smart Edge Proxy Configuration Read Access
  • Access Protect > Forward Proxy > SmartEdge Proxypage (read only).
App Security Device Profiling Proxy Write Access
  • Manage Protect > Forward Proxy > Device Profiling Proxypage (read/write).
App Security Device Profiling Proxy Read Access
  • Access Protect > Forward Proxy > Device Profiling Proxypage (read only).
App Security ICAP Write Access
  • Manage Protect > Integrations > ICAPpage (read and write).
App Security ICAP Read Access
  • Access Protect > Integrations > ICAPpage.
App Security Certificates Write Access
  • Manage Settings > Certificatespage (read/write).
App Security Certificates Read Access
  • Access Settings > Certificatespage
App Security DLP Settings Write Access
  • Manage Settings > DLPpage (read/write).
App Security DLP Settings Read Access
  • Access Settings > DLPpage.
App Security User Portal Access Access the end-user facing User Portal (non-admin).