Permission profiles
Before you can create IAM users, user groups, external IdP roles, or API users, you must create a permission profile. Permission profiles define the level of portal access and permissions a user has. Permission profiles allow you to explicitly enable or disable access to FortiCloud portals and grant portal-specific permissions for the enabled portals.
Permissions can be role-based or resource-based depending on the portal:
- Role-based permissions can be read-only, read and write, or admin levels with more specific permissions available depending on the portal. These permissions account for all portal features unless specified in the Additional Permissions.
- Resource-based permissions can be read-only, read and write, or no access and can be assigned to specific resources within the portal. A permission profile can assign different access types for each of the portal resources listed. See Portals with resource-based permission for examples of resource-based permissions.
See the respective portal administration guide for more information on the specific access types for each portal.
A portal can only support one permission model at a time. If an existing permission profile includes a portal that has been converted from role-based permissions to resource-based permissions, the existing role-based permissions will be migrated to resource-based permissions based on portal-specific rules. Migration settings vary between portals.
Once a permission profile has been created, IAM users, user groups, external IdP roles, and API users can be assigned to the profile. See Users and User groups.
The Permission Profiles page can be accessed from the left-hand navigation menu. See Identity & Access Management Portal.
This section contains the following topics: