User Permissions
In FortiDevSec, user permissions are granularly controlled to ensure secure access to applications and data. These permissions are assigned based on user roles and group memberships, providing a flexible and efficient way to manage access control. Master users are the owners of member and application groups.
Application permissions
Following are the permissions for different user roles at the application level.
|
Action |
Permissions |
|||
|---|---|---|---|---|
|
Owner |
Moderator |
Write |
Read |
|
| Create an application within a Private application group if you are a member of that group. | ✅ | ✅ | ✅ | ❌ |
| Create an application within a Shared application group if you are a member of that group. | ✅ | ✅ | ✅ | ❌ |
| Update Risk Rating of an application that is a part of Private or Shared application group. | ✅ | ✅ | ✅ * | ❌ |
| Change the Vulnerability Status in the Vulnerability Catalog page. | ✅ | ✅ | ✅ * | ❌ |
*Only when the user with write access is the owner of the application.
Settings permissions
Following are the settings permissions for applications within Private or Shared application groups.
|
Action |
Permissions |
|||
|---|---|---|---|---|
|
Owner |
Moderator |
Write |
Read |
|
| Deactivate an application. | ✅ | ✅ | ✅ * | ❌ |
| Delete an application. | ✅ | ✅ | ❌ | ❌ |
| Configure FortiDAST plugin. | ✅ | ✅ | ✅ | ❌ |
| Configure Jira plugin. | ✅ | ✅ | ✅ | ❌ |
|
Modify application name. |
✅ |
✅ |
✅ * |
❌ |
|
Modify application ID. |
✅ |
✅ |
❌ |
❌ |
*Only when the user with write access is the owner of the application.
Member group permissions
Following are the permissions for different user roles at the member group level.
|
Action |
Permissions |
|||
|---|---|---|---|---|
|
Owner |
Moderator |
Write |
Read |
|
| Create a member group. | ✅ | ❌ | ❌ | ❌ |
| Add Application Groups and modify access permissions on the Member Group Edit page. | ✅ | ❌ | ❌ | ❌ |
|
Modify member group name. |
✅ |
❌ |
❌ |
❌ |
| Add members to a member group. | ✅ | ❌ | ❌ | ❌ |
| Delete members from a member group. | ✅ | ❌ | ❌ | ❌ |
|
Delete a member group. |
✅ |
❌ |
❌ |
❌ |
|
Update permissions of a member group |
✅ |
✅ * |
❌ |
❌ |
* A user with moderator access can only modify the permissions of other member groups with lower privileges. Both the moderator's group and the target group must have access to the same application group.
Application group permissions
Following are the permissions for different user roles at the application group level.
|
Action |
Permissions |
|||
|---|---|---|---|---|
|
Owner |
Moderator |
Write |
Read |
|
| Create a application group. | ✅ | ❌ | ❌ | ❌ |
| Add an application to application group. | ✅ | ✅ | ❌ | ❌ |
| Delete an application from application group. | ✅ | ✅ * | ❌ | ❌ |
|
Modify application group name. |
✅ |
✅ |
❌ |
❌ |
|
Modify application group visibility. |
✅ |
✅ |
❌ |
❌ |
| Delete application group. | ✅ | ❌ | ❌ | ❌ |
|
Add Member Groups and modify access permissions on the Application Group Edit page. |
✅ |
❌ |
❌ |
❌ |
* Only when a user with moderator access is part of that application group.
Group request permissions
Following are the group request permissions.
|
Action |
Permissions |
|||
|---|---|---|---|---|
|
Owner |
Moderator |
Write |
Read |
|
| Approve shared application group join request. | ✅ | ✅ * | ❌ | ❌ |
* Only when a user with moderator access is part of requested application group.
Access control permissions
Following are the access control permissions.
|
Action |
Permissions |
|||
|---|---|---|---|---|
|
Owner |
Moderator |
Write |
Read |
|
| Modify member group permissions in Access Control page. | ✅ | ❌ | ❌ | ❌ |