
Container Protection Permission Group

There are 13 predefined permission groups, each with different access permissions. They let you delegate the most suitable role to each individual within an organization.

Predefined Permission Group Summary

| Permission Group | Permission Group Summary |
| --- | --- |
| Admin | Full Read and Write access to all container protection features including FortiView, Policy Config, Configure, and Admin. Read and Write access to all resource groups. |
| Auditor | Full Read access to all container protection features including FortiView, Policy Config, Configure, and Admin. Read access to all resource groups. |
| Cloud Provision Admin | Read and Write access to configure Kubernetes Cluster, Registry, and Credential Store. Read and Write access to all resource groups. |
| Cloud Provision Auditor | Read and view access to Kubernetes Cluster, Registry, and Credential Store. Read access to all resource groups. |
| Cloud Security and CI/CD Admin | Read and Write access to configure CI/CD Integration and Compliance. Read and view access to Kubernetes Cluster, Registry, and Credential Store. Read access to all resource groups. |
| Cloud Security and CI/CD Auditor | Read and view access to CI/CD Integration, Compliance, Kubernetes Cluster, Registry, and Credential Store. Read access to all resource groups. |
| Cloud Security Admin | Read and view access to Container Visibility, Container Image, Compliance analysis, Cluster, and Registry. Write and configure access to Compliance Policies. Read access to all resource groups. |
| Cloud Security Auditor | Read and view access to Container Visibility, Container Image, Compliance analysis/policy, Kubernetes Cluster, and Registry. Access is limited to assigned resource groups only. |
| CI/CD Admin | Read and Write access to CI/CD Integration configuration and result. Read access to all resource groups. |
| CI/CD Auditor | Read access to CI/CD Integration configuration and result. Read access to all resource groups. |
| Compliance Admin | Read and Write access to Compliance Policy configuration and result. Read access to all resource groups. |
| Compliance Auditor | Read access to Compliance Policy configuration and result. Read access to all resource groups. |
| Vulnerability Auditor | Read access to Registry configuration and result. Read access to all resource groups. |

Predefined Permission Group - Full Details

This table shows the access permission of each permission group on every feature in Container Protection. Read indicates that the feature is read-only, and Write indicates that the feature can be edited. A blank cell indicates that the group has no access to the feature.

| Permission Group Name | Container Visibility | Dashboard | Container Image | CI/CD Integration | Compliance | Policy Config - CI/CD Integration | Policy Config - Compliance | Configure - Kubernetes Cluster | Configure - Registry | Configure - Credential Store | Admin - Resource Group | Admin - Audit Log | Admin - Settings |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Global Admin | Read | Read | Read | Read | Read | Write | Write | Write | Write | Write | Write | Write | Write |
| Global Auditor | Read | Read | Read | Read | Read | Read | Read | Read | Read | Read | Read | Read | Read |
| Admin | Read | Read | Read | Read | Read | Write | Write | Write | Write | Write | Write | Write | Write |
| Auditor | Read | Read | Read | Read | Read | Read | Read | Read | Read | Read | Read | Read | Read |
| Cloud Provision Admin | | Read | | | | | | Write | Write | Write | Write | | |
| Cloud Provision Auditor | | Read | | | | | | Read | Read | Read | Read | | |
| Cloud Security and CI/CD Admin | Read | Read | Read | Read | Read | Write | Write | Read | Read | Read | Read | | |
| Cloud Security and CI/CD Auditor | Read | Read | Read | Read | Read | Read | Read | Read | Read | Read | Read | | |
| Cloud Security Admin | Read | Read | Read | | Read | | Write | Read | Read | Read | Read | | |
| Cloud Security Auditor | Read | Read | Read | | Read | | Read | Read | Read | Read | Read | | |
| CI/CD Admin | | Read | | Read | | Write | | Read | Read | Read | Read | | |
| CI/CD Auditor | | Read | | Read | | Read | | Read | Read | Read | Read | | |
| Compliance Admin | | Read | | | Read | | Write | Read | Read | Read | Read | | |
| Compliance Auditor | | Read | | | Read | | Read | Read | Read | Read | Read | | |
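
The following added example (not part of the product or its documentation) encodes the full-details table and returns the predefined groups that satisfy a set of required feature permissions, least-privileged first. The function names, the R/W/- row encoding, and the "total access" score used for ordering are assumptions made for illustration; resource group scope is not modeled.

```python
# Feature columns and rows transcribed from the full-details table on this page.
FEATURES = [
    "Container Visibility", "Dashboard", "Container Image", "CI/CD Integration",
    "Compliance", "Policy Config - CI/CD Integration", "Policy Config - Compliance",
    "Configure - Kubernetes Cluster", "Configure - Registry",
    "Configure - Credential Store", "Admin - Resource Group",
    "Admin - Audit Log", "Admin - Settings",
]
# One character per feature column: R = Read, W = Write, "-" = blank cell (no access).
MATRIX = {
    "Global Admin":                     "RRRRRWWWWWWWW",
    "Global Auditor":                   "RRRRRRRRRRRRR",
    "Admin":                            "RRRRRWWWWWWWW",
    "Auditor":                          "RRRRRRRRRRRRR",
    "Cloud Provision Admin":            "-R-----WWWW--",
    "Cloud Provision Auditor":          "-R-----RRRR--",
    "Cloud Security and CI/CD Admin":   "RRRRRWWRRRR--",
    "Cloud Security and CI/CD Auditor": "RRRRRRRRRRR--",
    "Cloud Security Admin":             "RRR-R-WRRRR--",
    "Cloud Security Auditor":           "RRR-R-RRRRR--",
    "CI/CD Admin":                      "-R-R-W-RRRR--",
    "CI/CD Auditor":                    "-R-R-R-RRRR--",
    "Compliance Admin":                 "-R--R-WRRRR--",
    "Compliance Auditor":               "-R--R-RRRRR--",
}
LEVEL = {"-": 0, "R": 1, "W": 2}  # assumption: Write also satisfies a Read need


def grants(group):
    """Map each feature to the access level (0/1/2) the group holds on it."""
    return {f: LEVEL[c] for f, c in zip(FEATURES, MATRIX[group])}


def least_privileged(required):
    """Return groups that satisfy `required` ({feature: "R" or "W"}),
    ordered from least to most total access granted (ties by name)."""
    unknown = set(required) - set(FEATURES)
    if unknown:
        raise KeyError(f"not a feature column: {sorted(unknown)}")
    fits = []
    for group in MATRIX:
        g = grants(group)
        if all(g[f] >= LEVEL[lvl] for f, lvl in required.items()):
            fits.append((sum(g.values()), group))
    return [group for _, group in sorted(fits)]


if __name__ == "__main__":
    print(least_privileged({"Policy Config - CI/CD Integration": "W"}))
```

The first entry in the returned list is the narrowest predefined group that still covers the request; an empty list means no predefined group grants that combination.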

 

 

 

 

 
