Resource/Task-Based Access Control (RTBAC)
RTBAC enables you to control the tasks/operations and resources that a user can have access to, thus providing a more granular level of control over user access. RTBAC offers flexibility in defining access control policies to control the set of GUI pages served to different users. In the Manage Account Access page of the FortiLAN Cloud portal, you can associate access permissions with both users and specific tasks they intend to perform on resources, in addition to the assigned role in FortiCare for an account.
RTBAC Profiles
The RTBAC profile defines resources and their configured permissions. You can assign an RTBAC profile to one or multiple FortiLAN Cloud users, and every account can have multiple RTBAC profiles.
Configuration | Description |
---|---|
LoginManager | If you enable Proceed With Domain and select a domain, then the domain selection page is not displayed and the login proceeds with the selected domain. |
Resources/Tasks | Set access permissions for all Resources/Tasks (features) displayed. |
Apply template | The permission level set resets all permissions set for the resources/tasks mentioned above. The following blanket permissions can be granted. |
Notes:
- The permissions configured in this page are overridden by the Access Type set in the FortiCare account. For example, if the user Access Type is ReadOnly in FortiCare then all Read/Write permissions are reset to ReadOnly.
- The resources/tasks with un-configured permissions on this page are granted access based on the Access Type (Admin/ReadOnly) configured in FortiCare.
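The precedence in the notes above can be modeled to review a profile before assigning it. The following is an added example, not Fortinet code or a FortiLAN Cloud API: it computes the effective permission per resource and lists the resources whose access is decided by the FortiCare Access Type rather than by the profile. Assumptions: the Access Type acts as a ceiling, Admin grants Read/Write to un-configured resources, and the resource names are constructed.

```python
from enum import IntEnum


class Perm(IntEnum):
    READ_ONLY = 1
    READ_WRITE = 2


# Assumption: Admin in FortiCare means Read/Write; ReadOnly means ReadOnly.
ACCESS_TYPE_LEVEL = {"Admin": Perm.READ_WRITE, "ReadOnly": Perm.READ_ONLY}


def effective_permissions(profile, access_type, resources):
    """Return {resource: (effective Perm, reason)} for one user.

    profile     -- {resource: Perm} as configured in the RTBAC profile
    access_type -- "Admin" or "ReadOnly", the FortiCare Access Type
    resources   -- every resource/task shown on the profile page
    """
    ceiling = ACCESS_TYPE_LEVEL[access_type]
    result = {}
    for res in resources:
        configured = profile.get(res)
        if configured is None:
            # Un-configured: access follows the FortiCare Access Type.
            result[res] = (ceiling, "inherited")
        elif configured > ceiling:
            # Read/Write in the profile is reset by a ReadOnly Access Type.
            result[res] = (ceiling, "overridden")
        else:
            result[res] = (configured, "profile")
    return result


def audit(profile, access_type, resources):
    """Resources whose effective access is not what the profile states."""
    eff = effective_permissions(profile, access_type, resources)
    return sorted(r for r, (_, why) in eff.items() if why != "profile")


# Constructed sample data (hypothetical resource names).
RESOURCES = ["wifi_config", "switch_config", "logs"]
PROFILE = {"wifi_config": Perm.READ_WRITE, "logs": Perm.READ_ONLY}

if __name__ == "__main__":
    for access_type in ("Admin", "ReadOnly"):
        print(access_type, audit(PROFILE, access_type, RESOURCES))
```

Under these assumptions, a resource left un-configured for an Admin user ends up with Read/Write access, so a least-privilege profile should set every resource explicitly.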
RTBAC Users
You can assign RTBAC profiles to an RTBAC user; external IdP, email, and IAM users are supported. If you do not specify an external IdP role, then the selected RTBAC profile is applicable to all roles from the external IdP. If the administrator has already configured some IdP roles in user management, then those roles are available for selection.