Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Organization Portal

    Home FortiCloud Services 24.4.0 Organization Portal
    24.4.0
    24.4.0

    User permissions

    User permissions

    After the Master User creates the organization, they can create an IAM user with the same level of permissions. This IAM user can then be used to create other IAM users and delegate their permissions. For more information, see the Identity & Access Management (IAM) Administration Guide.

    Accounts, Users and Permissions

    Account Type

    This role applies to the organization. There are different types of accounts:

    • Root Account: The account that created the organization.
    • Member Account: Accounts invited to organization with no administrative privileges
    User Type Under each account is a different type of user: Master User, IAM User , and IDP role.

    Permissions

    Each user type has permissions:

    Master User:

    • Owns the Root Account for the Organization.

    IAM user and IDP role:

    • Access Role permissions: Admin, Read-Only, and Not Assigned.

    Access Roles

    Admin access or Read-Only access within the selected account.

    Note

    While the organization is divided into a hierarchy, the user location within the hierarchy is independent of their permissions. The user's access is dependent on their permission profile and scope, including the available and selected scope. For more information, see Available and selected scope in the Identity & Access Management (IAM) Guide.

    Root Account

    Master User

    Access Role
    View Action Root Account Admin Read Only Not assigned
    Organization Update
    Delete
    Export
    Organizational Unit Read
    Add
    Update
    Delete
    Bulk Delete
    Move
    Export
    Invitation Token Read
    Add
    Update
    Invitation Approval Read
    Approve
    Decline
    General Read
    Settings Read

    Update

    Member Account

    View Action Master No Org Role
    General Read
    Previous
    Next

    User permissions

    User permissions

    After the Master User creates the organization, they can create an IAM user with the same level of permissions. This IAM user can then be used to create other IAM users and delegate their permissions. For more information, see the Identity & Access Management (IAM) Administration Guide.

    Accounts, Users and Permissions

    Account Type

    This role applies to the organization. There are different types of accounts:

    • Root Account: The account that created the organization.
    • Member Account: Accounts invited to organization with no administrative privileges
    User Type Under each account is a different type of user: Master User, IAM User , and IDP role.

    Permissions

    Each user type has permissions:

    Master User:

    • Owns the Root Account for the Organization.

    IAM user and IDP role:

    • Access Role permissions: Admin, Read-Only, and Not Assigned.

    Access Roles

    Admin access or Read-Only access within the selected account.

    Note

    While the organization is divided into a hierarchy, the user location within the hierarchy is independent of their permissions. The user's access is dependent on their permission profile and scope, including the available and selected scope. For more information, see Available and selected scope in the Identity & Access Management (IAM) Guide.

    Root Account

    Master User

    Access Role
    View Action Root Account Admin Read Only Not assigned
    Organization Update
    Delete
    Export
    Organizational Unit Read
    Add
    Update
    Delete
    Bulk Delete
    Move
    Export
    Invitation Token Read
    Add
    Update
    Invitation Approval Read
    Approve
    Decline
    General Read
    Settings Read

    Update

    Member Account

    View Action Master No Org Role
    General Read
    Previous
    Next