Fortinet black logo

Online Help

Home FortiCWP 22.1.0 Online Help

FortiCWP Access Management

22.1.0
22.2.a
22.1.0
21.3.0
21.2.1
21.2.0
21.1.0
20.3.0
20.2.0
20.1.0
4.4.0
4.2.0
Copy Link
Copy Doc ID 73ddbf8a-9129-11ec-9fd1-fa163e15d75b:123513

FortiCWP Access Management

FortiCWP role-based access control (FortiCWP RBAC) helps you manage who has access to what resources and what they can do specifically with those resources.

The way FortiCWP RBAC works is by creating a Profile that is a combination of Permission Group and a Resource Group then assign the profile to the user.

Permission Group and Resource Group

The Permission Group is a predefined group of permissions that determines the read/ write access on each module in FortiCWP such as Resource, Alert, etc.

The Resource Group is a custom group of resources that needs to be created before adding to a profile.

There are two predefined profiles that have access permission to both Container Protection and Workload Protection:

Global Admin Profile has both read and write access to all features and profile management.

Global Auditor Profile only has read access to all features and profile management.

The permission groups only have partial access to features on Workload or Container Protection.

Profile Creation and Management

Workload Protection Permission Group

Container Protection Permission Group

Global Settings Permission Group

Create Resource Group in Workload Protection

Create Resource Group in Container Protection

Create Profile Using Resource Group and Permission Group

Assign Profile to FortiCWP User

Switch Between Multiple Profiles

Previous
Next

FortiCWP Access Management

FortiCWP role-based access control (FortiCWP RBAC) helps you manage who has access to what resources and what they can do specifically with those resources.

The way FortiCWP RBAC works is by creating a Profile that is a combination of Permission Group and a Resource Group then assign the profile to the user.

Permission Group and Resource Group

The Permission Group is a predefined group of permissions that determines the read/ write access on each module in FortiCWP such as Resource, Alert, etc.

The Resource Group is a custom group of resources that needs to be created before adding to a profile.

There are two predefined profiles that have access permission to both Container Protection and Workload Protection:

Global Admin Profile has both read and write access to all features and profile management.

Global Auditor Profile only has read access to all features and profile management.

The permission groups only have partial access to features on Workload or Container Protection.

Profile Creation and Management

Workload Protection Permission Group

Container Protection Permission Group

Global Settings Permission Group

Create Resource Group in Workload Protection

Create Resource Group in Container Protection

Create Profile Using Resource Group and Permission Group

Assign Profile to FortiCWP User

Switch Between Multiple Profiles

Previous
Next