Container Protection Permission Group

There are 13 predefined permission groups, each with different access permissions. This lets you delegate the most suitable role to each individual within an organization.

Predefined Permission Group Summary

| Permission Group | Permission Group Summary |
| --- | --- |
| Admin | Full Read and Write access to all container protection features including FortiView, Policy Config, Configure, and Admin. Read and Write access to all resource groups. |
| Auditor | Full Read access to all container protection features including FortiView, Policy Config, Configure, and Admin. Read access to all resource groups. |
| Cloud Provision Admin | Read and Write access to configure Kubernetes Cluster, Registry, and Credential Store. Read and Write access to all resource groups. |
| Cloud Provision Auditor | Read and view access to Kubernetes Cluster, Registry, and Credential Store. Read access to all resource groups. |
| Cloud Security and CI/CD Admin | Read and Write access to configure CI/CD Integration and Compliance. Read and view access to Kubernetes Cluster, Registry, and Credential Store. Read access to all resource groups. |
| Cloud Security and CI/CD Auditor | Read and view access to CI/CD Integration, Compliance, Kubernetes Cluster, Registry, and Credential Store. Read access to all resource groups. |
| Cloud Security Admin | Read and view access to Container Visibility, Container Image, Compliance analysis, Cluster, and Registry. Write and configure access to Compliance Policies. Read access to all resource groups. |
| Cloud Security Auditor | Read and view access to Container Visibility, Container Image, Compliance analysis/policy, Kubernetes Cluster, and Registry. Access is limited to assigned resource groups only. |
| CI/CD Admin | Read and Write access to CI/CD Integration configuration and result. Read access to all resource groups. |
| CI/CD Auditor | Read access to CI/CD Integration configuration and result. Read access to all resource groups. |
| Compliance Admin | Read and Write access to Compliance Policy configuration and result. Read access to all resource groups. |
| Compliance Auditor | Read access to Compliance Policy configuration and result. Read access to all resource groups. |
| Vulnerability Auditor | Read access to Registry configuration and result. Read access to all resource groups. |

Predefined Permission Group - Full Details

This table shows the access permissions of each permission group for all features in Container Protection. Read indicates that the feature is read-only, and Write indicates that the feature can be edited. A blank cell indicates that the group has no access to the feature.

Permission Group Name | Container Visibility | Dashboard | Container Image | CI/CD Integration | Compliance | Policy Config - CI/CD Integration | Policy Config - Compliance | Configure - Kubernetes Cluster | Configure - Registry | Configure - Credential Store | Admin - Resource Group | Admin - Audit Log | Admin - Settings
Global Admin Read Read Read Read Read Write Write Write Write Write Write Write Write
Global Auditor Read Read Read Read Read Read Read Read Read Read Read Read Read
Admin Read Read Read Read Read Write Write Write Write Write Write Write Write
Auditor Read Read Read Read Read Read Read Read Read Read Read Read Read
Cloud Provision Admin Read Write Write Write Write
Cloud Provision Auditor Read Read Read Read Read
Cloud Security and CI/CD Admin Read Read Read Read Read Write Write Read Read Read Read
Cloud Security and CI/CD Auditor Read Read Read Read Read Read Read Read Read Read Read
Cloud Security Admin Read Read Read Read Write Read Read Read Read
Cloud Security Auditor Read Read Read Read Read Read Read Read Read
CI/CD Admin Read Read Write Read Read Read Read
CI/CD Auditor Read Read Read Read Read Read Read
Compliance Admin Read Read Write Read Read Read Read
Compliance Auditor Read Read Read Read Read Read Read
