Restricting administrator access to device groups
On the Device Manager pane, you can create device groups and add devices to the different groups. If you are using ADOMs, select the ADOM, and then create the device group.
When you create an administrator account, you can specify which ADOMs the account can access, and which device groups can be accessed in those ADOMs.
This topic describes how to create a device group and how to restrict administrator access to device groups.
To create a device group:
- Go to Device Manager > Device & Groups.
- If you are using ADOMs, select the ADOM that you are creating a device group in. Otherwise skip this step.
- In the Device Group dropdown menu, click Create New Group.
- Enter a name for the group and add devices to it, then click OK.
In this example, the root ADOM contains group1, group2, and group3.
To specify admin access to device groups:
- Go to System Settings > Administrators.
- Click Create New.
- Beside Administrative Domain, click Specify.
- Select the ADOM that contains the device group. Select only one ADOM.
- Select Specify Device Group to Access, and then select the device group.
In this example, group1 is specified.
- Click OK.
When the administrator logs in to FortiManager, they can only access the specified device group on the Device Manager pane. In this example, they can only access group1.