Identity & Access Management (IAM)

24.1.0
Permission scope

A feature of the new permission model is the permission scope. The permission scope defines which resources (users, asset folders, devices, and so on) an IAM user, user group, external IdP role, or API user can access.

If applicable, the permission scope also defines whether the assigned users have Local or Organization type access. If an account does not have Organizational Unit access enabled, the scope defaults to the Local type and therefore links to asset folders. The default Local type is used by the majority of FortiCloud clients and gives the IAM user, user group, and so on access only to the current account. For the purpose of this document, the default Local access is assumed.

For information on enabling Identity & Access Management portal features with Organization access, see Organization user management.