Creating a permission profile
A new permission profile can be made from the Permission Profiles page. Permission profiles must be created before an IAM user, user group, and so on.
The SysAdmin permission profile is a default permission profile available at all times. When a user is assigned to SysAdmin, they will have full access to the Asset Management portal, Identity & Access Management portal, and FortiCare. You can find the SysAdmin permission profile at the top of the Permission Profiles list. You cannot edit, disable, or delete the default SysAdmin permission profile.
To create a permission profile:
-
Select Permission Profiles from the left-hand navigation menu. The Permission Profiles page opens.
-
Select Add New. The New Portal Permission Profiles page is displayed.
-
Enter a name for the profile in the Permission Profile Name field.
Once the permission profile is saved, the permission profile type cannot be changed.
-
Set the Status to Active.
-
Enter a description of the portal permissions in the Description field.
-
Click Add Portal. A list of available portals is displayed.
-
Select the portals you want to enable or deny access to.
-
Click Add. The portals are displayed in cards.
-
For each portal card, define portal permissions:
If you want to deny access to a portal, add the portal to the permission profile but do not enable any resource or portal access.
Excluding a portal from a permission profile does not deny access to that portal. If you do not add the portal to the permission profile, its status will be considered undefined. Therefore, it may be possible for the user to still access the portal from the Services dropdown menu if the portal itself provides open access to some features.
-
For portals with resource-based permission capabilities, specify the Resources access type.
-
For portals with role-based permissions, enable Access and specify the portal Access Type and any Additional Permissions.
-
-
Click Save. The permission profile is now available to be assigned to users.