FortiLAN Cloud User Guide

Resource/Task-Based Access Control (RTBAC)

FortiLAN Cloud supports RTBAC for specific resources and tasks. RTBAC can be applied in addition to the role assigned in FortiCare for an account. Click RTBAC in the Manage Account Access page to create and manage RTBAC profiles and users.

Note: RTBAC support is available for external IDP users only.

RTBAC Profiles

The RTBAC profile defines resources and their configured permissions. You can assign an RTBAC profile to one or more FortiLAN Cloud users, and every account can have multiple RTBAC profiles. In the LoginManager, if you enable Proceed With Domain and select a domain, then the domain selection page is not displayed and the login proceeds with the selected domain. Set access permissions for all Resources/Tasks (features) displayed.

The permission level set in Apply template resets all permissions set for the resources/tasks mentioned above. The following blanket permissions can be granted.

  • Permissive - Sets all resource permissions to Read/Write.

  • Read Only - Sets all resource permissions to ReadOnly.

  • Restricted - Sets all resource permissions to NoAccess.

Notes:

  • The permissions configured on this page are overridden by the Access Type set in the FortiCare account. For example, if the user Access Type is ReadOnly in FortiCare, then all Read/Write permissions are reset to ReadOnly.

  • Resources/tasks whose permissions are left unconfigured on this page are granted access based on the Access Type (Admin/ReadOnly) configured in FortiCare.

RTBAC Users

You can assign RTBAC profiles to an RTBAC user; only external IDP users are supported. If you do not specify an external IDP role, then the selected RTBAC profile is applicable to all roles from the external IDP. If the administrator has already configured some IDP roles in user management, then those roles are available for selection.
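
The evaluation rules in the Notes and in RTBAC Users can be modeled for an access review, for example to spot resources that a profile leaves unconfigured and that therefore follow the FortiCare Access Type. This is an added example, not Fortinet code: the resource names, the `netops` role and the data layout are constructed placeholders, and mapping the Admin Access Type to Read/Write is an assumption.

```python
# Model of the RTBAC evaluation rules stated in this guide (not Fortinet code).
RW, RO, NA = "Read/Write", "ReadOnly", "NoAccess"
TEMPLATES = {"Permissive": RW, "Read Only": RO, "Restricted": NA}


def apply_template(resources, template):
    """Apply template resets every resource permission to one level."""
    return {name: TEMPLATES[template] for name in resources}


def profile_applies(assignment, user_idp_roles):
    """An assignment with no external IDP role covers all roles from the IDP."""
    role = assignment.get("idp_role")
    return role is None or role in user_idp_roles


def effective_permissions(resources, profile, access_type):
    """Resolve per-resource access for one user under one RTBAC profile."""
    # Assumption: FortiCare Admin corresponds to Read/Write on a resource.
    fallback = RW if access_type == "Admin" else RO
    result = {}
    for name in resources:
        perm = profile.get(name)          # None = unconfigured in the profile
        if perm is None:
            perm = fallback               # falls back to FortiCare Access Type
        elif perm == RW and access_type == "ReadOnly":
            perm = RO                     # FortiCare ReadOnly overrides Read/Write
        result[name] = perm
    return result


def review(resources, assignment, user_idp_roles, access_type):
    """Return effective access, or None if the profile does not apply."""
    if not profile_applies(assignment, user_idp_roles):
        return None
    return effective_permissions(resources, assignment["profile"], access_type)


# Constructed sample data: resource and role names are placeholders.
RESOURCES = ["resource_a", "resource_b", "resource_c"]
ASSIGNMENT = {"idp_role": None, "profile": {"resource_a": RW, "resource_b": NA}}

if __name__ == "__main__":
    for access_type in ("Admin", "ReadOnly"):
        print(access_type, review(RESOURCES, ASSIGNMENT, ["netops"], access_type))
```

In the sample, `resource_c` is unconfigured, so under the stated assumption it resolves to Read/Write for an Admin account; setting it explicitly in the profile avoids relying on the fallback.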
