Fortinet Document Library

User Guide

21.4.0

Accounts with restricted access

Accounts with restricted access do not see devices they lack access to in any part of the NCM.
Zones that are not tagged with any tag the account has access to are also hidden.

For a complete list of the NCM features that are access restricted, see the Device access restrictions article.

Because the NCM uses a tag-based approach to per-device access restriction, a few specific behaviors are worth clarifying.

  • Operator-level accounts can NOT delete tags. This is a security measure, because deleting tags can affect access policies.
    (For example, deleting a tag that is the only tag restricting access for an account would remove the access restrictions from that account; see below.)

By default, accounts have access to all devices present in the NCM.
Applying device access restrictions to an account causes the following specific behavior:

  • All tagging operations (in Device tags, Devices > Tags, Zones > Manage tags, etc.) for access-restricted accounts are limited to the tags the account has access to
    (an access-limited account can only tag and untag with tags associated with that account).

  • Access-restricted accounts can only see zones that have tags they have access to
    (only zones tagged with at least one tag the account is restricted with are visible in the Zones view).
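
The rules above can be checked with a small model. The following is an added example, not NCM code or an NCM API: it models visibility, tagging limits and the tag-deletion edge case, and includes an audit helper that lists accounts whose restriction depends on a single tag. All names and sample data are hypothetical, and applying the "at least one shared tag" rule to devices as well as zones is an assumption.

```python
# Added illustration: a toy model of the tag rules above, not NCM code.
from dataclasses import dataclass, field

@dataclass
class Account:
    name: str
    # Empty set = the default state: no restriction, everything visible.
    restricted_tags: set = field(default_factory=set)

def visible(account, inventory):
    """inventory maps a device or zone name to its set of tags."""
    if not account.restricted_tags:
        return set(inventory)
    # Assumption: one shared tag is enough (the page states this for zones).
    return {n for n, tags in inventory.items() if tags & account.restricted_tags}

def can_use_tag(account, tag):
    """Restricted accounts may tag/untag only with their own tags."""
    return not account.restricted_tags or tag in account.restricted_tags

def single_tag_accounts(accounts):
    """Audit: accounts whose whole restriction hangs on one tag."""
    return {a.name: next(iter(a.restricted_tags))
            for a in accounts if len(a.restricted_tags) == 1}

def delete_tag(tag, accounts, *inventories):
    """Delete a tag everywhere; return accounts left with no restriction."""
    opened = []
    for acc in accounts:
        if tag in acc.restricted_tags:
            acc.restricted_tags.discard(tag)
            if not acc.restricted_tags:
                opened.append(acc.name)
    for inv in inventories:
        for tags in inv.values():
            tags.discard(tag)
    return opened

def sample():
    """Constructed sample data (hypothetical names)."""
    accounts = [Account("alice", {"branch"}), Account("bob", {"branch", "hq"}),
                Account("carol")]
    devices = {"fw-branch-1": {"branch"}, "fw-hq-1": {"hq"}, "sw-lab-1": set()}
    zones = {"Branch": {"branch"}, "HQ": {"hq"}, "Lab": set()}
    return accounts, devices, zones
```

Running `single_tag_accounts` before any tag cleanup shows which accounts would fall back to the default full access if that one tag were deleted.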
