User permissions

24.1.0

After the Master User creates the organization, they can create an IAM user with the same level of permissions. This IAM user can then be used to create other IAM users and delegate their permissions. For more information, see the Identity & Access Management (IAM) Administration Guide.

Accounts, Users and Permissions

Account Type

This role applies to the organization. There are different types of accounts:

  • Root Account: The account that created the organization.
  • Member Account: Accounts invited to the organization with no administrative privileges.

User Type

Under each account is a different type of user: Master User, IAM User, and IDP role.

Permissions

Each user type has permissions:

Master User:

  • Owns the Root Account for the Organization.

IAM user and IDP role:

  • Access Role permissions: Admin, Read-Only, and Not Assigned.

Access Roles

Admin access or Read-Only access within the selected account.

Note

While the organization is divided into a hierarchy, a user's location within the hierarchy is independent of their permissions. The user's access depends on their permission profile and scope, including the available and selected scope. For more information, see Available and selected scope in the Identity & Access Management (IAM) Guide.

Root Account

Columns: View, Action, Master User (Root Account), Access Role (Admin, Read Only, Not assigned)

Views and actions:

  • Organization: Update, Delete, Export
  • Organizational Unit: Read, Add, Update, Delete, Bulk Delete, Move, Export
  • Invitation Token: Read, Add, Update
  • Invitation Approval: Read, Approve, Decline
  • General: Read
  • Settings: Read, Update

Member Account

Columns: View, Action, Master, No Org Role

Views and actions:

  • General: Read
