PCCSE · Question #166
Which action must be taken to enable a user to interact programmatically with the Prisma Cloud APIs and for a nonhuman entity to be enabled for the access keys?
The correct answer is D. Create a role and assign it to the Service Account.. For nonhuman entities (such as automation scripts, CI/CD pipelines, or service integrations) that need programmatic access to the Prisma Cloud API, the correct approach is to create a Service Account and assign an appropriate role to it. Service Accounts are designed specifically
Question
Which action must be taken to enable a user to interact programmatically with the Prisma Cloud APIs and for a nonhuman entity to be enabled for the access keys?
Options
- ACreate a role with System Admin and generate access keys.
- BCreate a user with a role that has minimal access.
- CCreate a role with Account Group Read Only and assign it to the user.
- DCreate a role and assign it to the Service Account.
How the community answered
(24 responses)- A8% (2)
- B4% (1)
- C4% (1)
- D83% (20)
Explanation
For nonhuman entities (such as automation scripts, CI/CD pipelines, or service integrations) that need programmatic access to the Prisma Cloud API, the correct approach is to create a Service Account and assign an appropriate role to it. Service Accounts are designed specifically for machine-to-machine authentication and can have access keys generated for them without being tied to a human user identity. Option A is incorrect because System Admin privileges are overly broad for principle-of-least-privilege. Option B describes creating a human user account, which is inappropriate for automated/nonhuman access. Option C uses Account Group Read Only which may be insufficient and still targets a human user construct. Service Accounts (D) are the proper nonhuman entity construct in Prisma Cloud for API access.
Topics
Community Discussion
No community discussion yet for this question.