FortiLAN Cloud User Guide

Resource/Task-Based Access Control (RTBAC)

FortiLAN Cloud supports RTBAC for specific resources and tasks. RTBAC can be applied in addition to the role assigned in FortiCare for an account. Click RTBAC on the Manage Account Access page to create and manage RTBAC profiles and users.

RTBAC Profiles

The RTBAC profile defines resources and their configured permissions. You can assign an RTBAC profile to one or multiple FortiLAN Cloud users, and every account can have multiple RTBAC profiles.

Configuration | Description
LoginManager | If you enable Proceed With Domain and select a domain, then the domain selection page is not displayed and the login proceeds with the selected domain.
Portal | Set access permissions for all Resources/Tasks (features) displayed.
Apply template | The selected permission level resets all permissions set for the resources/tasks mentioned above. The following blanket permissions can be granted.

  • Permissive - Sets all resource permissions to Read/Write.

  • Read Only - Sets all resource permissions to ReadOnly.

  • Restricted - Sets all resource permissions to NoAccess.


Notes:

  • The permissions configured on this page are overridden by the Access Type set in the FortiCare account. For example, if the user Access Type is ReadOnly in FortiCare, then all Read/Write permissions are reset to ReadOnly.

  • Resources/tasks whose permissions are not configured on this page are granted access based on the Access Type (Admin/ReadOnly) configured in FortiCare.
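The precedence described in the notes above can be modelled offline to review a profile before assigning it. The following is an added example, not Fortinet code or a FortiLAN Cloud API: the resource names are placeholders, and it assumes that the Admin Access Type permits up to Read/Write and does not raise permissions that a profile sets lower.

```python
# Added illustration; models only the precedence rules stated in the Notes.
LEVELS = {"NoAccess": 0, "ReadOnly": 1, "Read/Write": 2}
TEMPLATES = {"Permissive": "Read/Write", "Read Only": "ReadOnly",
             "Restricted": "NoAccess"}
# Assumption: FortiCare Admin permits up to Read/Write; ReadOnly caps at ReadOnly.
ACCESS_TYPE_CAP = {"Admin": "Read/Write", "ReadOnly": "ReadOnly"}


def apply_template(resources, template):
    """Blanket template: resets every listed resource to one level."""
    return {name: TEMPLATES[template] for name in resources}


def effective_permissions(resources, profile, access_type):
    """Return {resource: (effective_level, source)} for one user."""
    cap = ACCESS_TYPE_CAP[access_type]
    result = {}
    for name in resources:
        configured = profile.get(name)
        if configured is None:
            # Unconfigured: access follows the FortiCare Access Type.
            result[name] = (cap, "forticare-default")
        elif LEVELS[configured] > LEVELS[cap]:
            # Read/Write under a ReadOnly account is reset to ReadOnly.
            result[name] = (cap, "forticare-override")
        else:
            result[name] = (configured, "rtbac")
    return result


def unconfigured_writable(resources, profile, access_type):
    """Resources that are Read/Write only because the profile left them unset."""
    eff = effective_permissions(resources, profile, access_type)
    return sorted(name for name, (level, source) in eff.items()
                  if source == "forticare-default" and level == "Read/Write")


# Constructed sample data; resource names are placeholders, not product names.
RESOURCES = ["resource-a", "resource-b", "resource-c"]
PROFILE = {"resource-a": "Read/Write", "resource-b": "NoAccess"}

if __name__ == "__main__":
    for access_type in ("Admin", "ReadOnly"):
        print(access_type, effective_permissions(RESOURCES, PROFILE, access_type))
    print("review:", unconfigured_writable(RESOURCES, PROFILE, "Admin"))
```

Resources reported by `unconfigured_writable` are the ones to set explicitly in the profile if least privilege is the goal, since they otherwise inherit the account-wide Access Type.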

RTBAC Users

You can assign RTBAC profiles to an RTBAC user; external IdP, email, and IAM users are supported. If you do not specify an external IdP role, then the selected RTBAC profile is applicable to all roles from the external IdP. If the administrator has already configured some IdP roles in user management, then those roles are available for selection.
