Version:


Table of Contents

22.3.0
Download PDF
Copy Link

User permissions

The account administrator can assign permissions based on the user's role.

There are various types of users:

  • Legacy Master and Sub-users

  • IAM users

Master Users & Sub Users

FortiCloud users are created in FortiCloud portal and their permissions are determined by the user type.

There are three user types:

User type

Description

Master

Has access to all the items in the navigation menu including Register Products and My Assets. Master users can create sub-users, assign user permissions, and assign devices to a user. In Partner accounts with Asset Groups enabled, a master user can create user and product groups, and assign them to users.

Sub-user (Full Access)

Has access to all the items in the navigation menu including Register Products and My Assets. sub-users with read-only permissions cannot change a folder's structure or move assets. Depending on the permissions set by the master user, a sub-user with full access can create new users and send renewal notices.

Sub-user (Limited Access) Has access to Product List and Decommissioned Units in the navigation menu. sub-users with limited permissions only have access to the products assigned to them by the master user.
Note

Partners can be connected to one account or multiple accounts as a master or sub-user. Partners connected to multiple accounts can switch accounts from the Account dropdown. See Creating connected accounts (Partners)

Viewing sub-user permissions

To view a sub-user's permissions:
  1. Go to FortiCloud.
  2. Log in to your FortiCloud account as a master user.
  3. Click the Account button.
  4. Click Manage User. The Current Users list is displayed.
  5. Click a user in the list.
  6. (Optional) Click Edit to update the user's permissions.

IAM users

IAM users are created in the IAM portal and their permissions are assigned by the account administrator. An IAM user will have their own asset and portal permissions until they are assigned to a group. For information, see the Identity & Access Management Administration Guide.

There are three types of IAM user permission:

Permissions Admin Read/Write Read Only
View Product List, My Assets, and Asset views (based on Asset permissions) X X X
Register new products, contracts or licenses X X  
Manage Asset folders, move, and decommission units X X  
View account service entitlements and contracts X X  
View and renew eligible units for online renewals X    

IdP user roles

IdP user roles have the same permissions as IAM Users.

Permissions Admin Read/Write Read Only
View Product List, My Assets, and Asset views (based on Asset permissions) X X X
Register new products, contracts or licenses X X  
Manage Asset folders, move, and decommission units X X  
View account service entitlements and contracts X X  
View and renew eligible units for online renewals X    

Viewing IAM user permissions

Account administrators can view an IAM user's permissions in the IAM Users and IAM User Groups pages of the IAM Portal. For information, see Managing IAM users and Managing IAM user groups in the Identity & Access Administration Guide.

User permissions

The account administrator can assign permissions based on the user's role.

There are various types of users:

  • Legacy Master and Sub-users

  • IAM users

Master Users & Sub Users

FortiCloud users are created in FortiCloud portal and their permissions are determined by the user type.

There are three user types:

User type

Description

Master

Has access to all the items in the navigation menu including Register Products and My Assets. Master users can create sub-users, assign user permissions, and assign devices to a user. In Partner accounts with Asset Groups enabled, a master user can create user and product groups, and assign them to users.

Sub-user (Full Access)

Has access to all the items in the navigation menu including Register Products and My Assets. sub-users with read-only permissions cannot change a folder's structure or move assets. Depending on the permissions set by the master user, a sub-user with full access can create new users and send renewal notices.

Sub-user (Limited Access) Has access to Product List and Decommissioned Units in the navigation menu. sub-users with limited permissions only have access to the products assigned to them by the master user.
Note

Partners can be connected to one account or multiple accounts as a master or sub-user. Partners connected to multiple accounts can switch accounts from the Account dropdown. See Creating connected accounts (Partners)

Viewing sub-user permissions

To view a sub-user's permissions:
  1. Go to FortiCloud.
  2. Log in to your FortiCloud account as a master user.
  3. Click the Account button.
  4. Click Manage User. The Current Users list is displayed.
  5. Click a user in the list.
  6. (Optional) Click Edit to update the user's permissions.

IAM users

IAM users are created in the IAM portal and their permissions are assigned by the account administrator. An IAM user will have their own asset and portal permissions until they are assigned to a group. For information, see the Identity & Access Management Administration Guide.

There are three types of IAM user permission:

Permissions Admin Read/Write Read Only
View Product List, My Assets, and Asset views (based on Asset permissions) X X X
Register new products, contracts or licenses X X  
Manage Asset folders, move, and decommission units X X  
View account service entitlements and contracts X X  
View and renew eligible units for online renewals X    

IdP user roles

IdP user roles have the same permissions as IAM Users.

Permissions Admin Read/Write Read Only
View Product List, My Assets, and Asset views (based on Asset permissions) X X X
Register new products, contracts or licenses X X  
Manage Asset folders, move, and decommission units X X  
View account service entitlements and contracts X X  
View and renew eligible units for online renewals X    

Viewing IAM user permissions

Account administrators can view an IAM user's permissions in the IAM Users and IAM User Groups pages of the IAM Portal. For information, see Managing IAM users and Managing IAM user groups in the Identity & Access Administration Guide.