Fortinet black logo

Version:

Version:

Version:

Version:


Table of Contents

Online Help

Workload Protection Permission Group

There are 10 predefined permission groups with each having different access permissions. The purpose is to be able to delegate the most suitable role to each individual within an organization.

Predefined Permission Group Summary

Permission Group Permission Group Summary
Admin Full Read and Write access to all cloud monitoring features and resources besides profile and user management. Accessible to all resource groups.
Auditor Full Read access to all cloud monitoring features and resources besides profile and user management. Accessible to all resource groups.
Configuration Admin Read and Write access to policy configuration and admin features. Accessible to all resource groups.
Cloud Provisioning Admin Read and Write access to cloud monitoring summary, account and resource group management. Accessible to all resource groups.
Cloud Security and Report Admin Read and Write access to cloud monitoring summary, alert, resources, documents, policy (read only), report management, partial admin features (read only). Accessible to all resource groups.
Cloud Security and Report Auditor Read access to cloud monitoring summary, alert, resources, documents, activity, policy, view reports, and partial admin features. Accessible to all resource groups.
Cloud Security Admin Read and write access to cloud monitoring summary, alerts, resources, documents, activity, policy (read only), and partial admin features. Accessible to only the resource group(s) assigned.
Cloud Security Auditor Read access to cloud monitoring summary, alerts, resources, documents, activity, policy, and partial admin features. Accessible to only the resource group(s) assigned.
Report Admin Read and Write access to cloud monitoring summary and reports. Accessible to all resource groups.
Report Auditor Read access to cloud monitoring summary and reports. Accessible to all resource groups.

Predefined Permission Group and Account Management

  1. All permission groups have access to all resource groups except Cloud Security Admin and Cloud Security Auditor. Cloud Security Admin and Cloud Security Auditor can only access resource groups assigned to them.
  2. Admin, Configuration Admin, and Cloud Provision Admin can create, edit, and delete resource groups and cloud accounts in ADMIN. The rest of 7 permission groups can only view but not able to create or edit.

Predefined Permission Group - Full Details

This table shows the access permission of each permission group on all features in Workload Protection. Read indicates that the feature is read only, and Write indicates the feature can be edited. The blank cell indicates that there is no access to the feature.

Permission Group Name Dashboard Alert Resource Document Activity Policy Report Admin User Profile File Profile Traffic
Global Admin Read Write Read Read Read Write Write Write Read Read  
Global Auditor Read Read Read Read Read Read Read Read Read Read  
Admin Read Write Read Read Read Write Write Write Read Read Read
Auditor Read Read Read Read Read Read Read Read Read Read Read
Configuration Admin Read         Write   Write      
Cloud Provision Admin Read             Write (limited)      
Cloud Security and Report Admin Read Write Read Read Read Write Write Read (limited) Read Read Read
Cloud Security and Report Auditor Read Read Read Read Read Read Read Read (limited) Read Read Read
Cloud Security Admin Read Write Read Read Read Read   Read (limited) Read Read Read
Cloud Security Auditor Read Read Read Read Read Read   Read (limited) Read Read Read
Report Admin Read         Read Write Read (limited)      
Report Auditor Read         Read Read Read (limited)      

 

 

 

 

 

 

 

Workload Protection Permission Group

There are 10 predefined permission groups with each having different access permissions. The purpose is to be able to delegate the most suitable role to each individual within an organization.

Predefined Permission Group Summary

Permission Group Permission Group Summary
Admin Full Read and Write access to all cloud monitoring features and resources besides profile and user management. Accessible to all resource groups.
Auditor Full Read access to all cloud monitoring features and resources besides profile and user management. Accessible to all resource groups.
Configuration Admin Read and Write access to policy configuration and admin features. Accessible to all resource groups.
Cloud Provisioning Admin Read and Write access to cloud monitoring summary, account and resource group management. Accessible to all resource groups.
Cloud Security and Report Admin Read and Write access to cloud monitoring summary, alert, resources, documents, policy (read only), report management, partial admin features (read only). Accessible to all resource groups.
Cloud Security and Report Auditor Read access to cloud monitoring summary, alert, resources, documents, activity, policy, view reports, and partial admin features. Accessible to all resource groups.
Cloud Security Admin Read and write access to cloud monitoring summary, alerts, resources, documents, activity, policy (read only), and partial admin features. Accessible to only the resource group(s) assigned.
Cloud Security Auditor Read access to cloud monitoring summary, alerts, resources, documents, activity, policy, and partial admin features. Accessible to only the resource group(s) assigned.
Report Admin Read and Write access to cloud monitoring summary and reports. Accessible to all resource groups.
Report Auditor Read access to cloud monitoring summary and reports. Accessible to all resource groups.

Predefined Permission Group and Account Management

  1. All permission groups have access to all resource groups except Cloud Security Admin and Cloud Security Auditor. Cloud Security Admin and Cloud Security Auditor can only access resource groups assigned to them.
  2. Admin, Configuration Admin, and Cloud Provision Admin can create, edit, and delete resource groups and cloud accounts in ADMIN. The rest of 7 permission groups can only view but not able to create or edit.

Predefined Permission Group - Full Details

This table shows the access permission of each permission group on all features in Workload Protection. Read indicates that the feature is read only, and Write indicates the feature can be edited. The blank cell indicates that there is no access to the feature.

Permission Group Name Dashboard Alert Resource Document Activity Policy Report Admin User Profile File Profile Traffic
Global Admin Read Write Read Read Read Write Write Write Read Read  
Global Auditor Read Read Read Read Read Read Read Read Read Read  
Admin Read Write Read Read Read Write Write Write Read Read Read
Auditor Read Read Read Read Read Read Read Read Read Read Read
Configuration Admin Read         Write   Write      
Cloud Provision Admin Read             Write (limited)      
Cloud Security and Report Admin Read Write Read Read Read Write Write Read (limited) Read Read Read
Cloud Security and Report Auditor Read Read Read Read Read Read Read Read (limited) Read Read Read
Cloud Security Admin Read Write Read Read Read Read   Read (limited) Read Read Read
Cloud Security Auditor Read Read Read Read Read Read   Read (limited) Read Read Read
Report Admin Read         Read Write Read (limited)      
Report Auditor Read         Read Read Read (limited)