Container Protection Permission Group

There are 13 predefined permission groups with each having different access permissions. The purpose is to be able to delegate the most suitable role to each individual within an organization.

Predefined Permission Group Summary

Permission Group	Permission Group Summary
Admin	Full Read and Write access to all container protection features including FortiView, Policy Config, Configure. and Admin. Read and Write access to all resource groups.
Auditor	Full Read access to all container protection features including FortiView, Policy Config, and Configure. and Admin. Read access to all resource groups.
Cloud Provision Admin	Read and Write access to configure Kubernetes Cluster, Registry, and Credential Store. Read and Write access to all resource groups.
Cloud Provision Auditor	Read and view access to Kubernetes Cluster, Registry, and Credential Store. Read access to all resource groups.
Cloud Security and CI/CD Admin	Read and Write access to configure CI/CD Integration and Compliance. Read and view access to Kubernetes Cluster, Registry, Credential Store. Read access to all resource groups.
Cloud Security and CI/CD Auditor	Read and view access to CI/CD Integration, Compliance, Kubernetes Cluster, Registry, and Credential Store. Read access to all resource groups.
Cloud Security Admin	Read and view access to Container Visibility, Container Image, Compliance analysis, Cluster and Registry. Write and configure access to Compliance Policies. Read access to all resource groups.
Cloud Security Auditor	Read and view access to Container Visibility, Container Image, Compliance analysis/policy, Kubernetes Cluster, and Registry. Limit access to only resource groups assigned.
CI/CD Admin	Read and Write access to CI/CD Integration configuration and result. Read access to all resource groups.
CI/CD Auditor	Read access to CI/CD Integration configuration and result. Read access to all resource groups.
Compliance Admin	Read and Write access to Compliance Policy configuration and result. Read access to all resource groups.
Compliance Auditor	Read access to Compliance Policy configuration and result. Read access to all resource groups.
Vulnerability Auditor	Read access to Registry configuration and result. Read access to all resource groups.

Predefined Permission Group - Full Details

This table shows the access permission of each permission group on all features in Container Protection. Read indicates that the feature is read only, and Write indicates the feature can be edited. The blank cell indicates that there is no access to the feature.

Permission Group Name	Container Visibility	Dashboard	Container Image	CI/CD Integration	Compliance	PolicyConfig - CI/CD Integration	Policy Config - Compliance	Configure- Kubernetes Cluster	Configure - Registry	Configure - Credential Store	Admin - Resource Group	Admin - Audit Log	Admin - Settings
Global Admin	Read	Read	Read	Read	Read	Write	Write	Write	Write	Write	Write	Write	Write
Global Auditor	Read	Read	Read	Read	Read	Read	Read	Read	Read	Read	Read	Read	Read
Admin	Read	Read	Read	Read	Read	Write	Write	Write	Write	Write	Write	Write	Write
Auditor	Read	Read	Read	Read	Read	Read	Read	Read	Read	Read	Read	Read	Read
Cloud Provision Admin		Read						Write	Write	Write	Write
Cloud Provision Auditor		Read						Read	Read	Read	Read
Cloud Security and CI/CD Admin	Read	Read	Read	Read	Read	Write	Write	Read	Read	Read	Read
Cloud Security and CI/CD Auditor	Read	Read	Read	Read	Read	Read	Read	Read	Read	Read	Read
Cloud Security Admin	Read	Read	Read		Read		Write	Read	Read	Read	Read
Cloud Security Auditor	Read	Read	Read		Read		Read	Read	Read	Read	Read
CI/CD Admin		Read		Read		Write		Read	Read	Read	Read
CI/CD Auditor		Read		Read		Read		Read	Read	Read	Read
Compliance Admin		Read			Read		Write	Read	Read	Read	Read
Compliance Auditor		Read			Read		Read	Read	Read	Read	Read