User Guide

Access control

24.1.0

Access control

FortiMonitor's access control (ACL) functionality gives teams fine-grained control over which infrastructure team members can view (scope) and which specific actions they can perform. The system is driven by roles, which are logical groupings of actions that a user can perform. A user can be assigned one or more roles; roles are designed to be layered on top of one another.

Roles

System Roles

Out of the box, FortiMonitor provides a number of default roles that will be more than sufficient for a lot of teams. They are not editable, but you can easily clone and customize them to meet your needs.

| Role | Description |
|---|---|
| Account Admin | Able to perform any activity within FortiMonitor |
| Server Admin | Able to perform most activities, with the exception of user, integration, and API management, as well as a few other ancillary activities |
| Dashboard Admin | Full management of dashboards |
| Dashboard Viewer | Read-only access to dashboards |
| Incident Responder | Slightly more advanced than a read-only user. Allows the user to view instances, start maintenance, pause monitoring, and a bit more. |
| Billing Admin | Access to billing only |

Add Custom Roles

Teams looking for finer-grained control can use custom roles. A custom role can be composed of any number of the actions available in FortiMonitor. For instance, you may want a role that allows a user to view and edit instances but gives only read-only access to network devices. When creating a custom role, you can either start from scratch or clone an existing role.

Starting from scratch

  1. Navigate to Settings > Access Control.

  2. Click Add Role.

  3. Name your role and give it a description. Providing a description is not required but is highly recommended.

  4. Select any number of actions that your role can perform. Keep in mind that some actions depend on each other - for example, it doesn't make sense to give someone edit access on an instance but not view access.

  5. Click Create. Your role is now ready to use.

Cloning an existing role

  1. Navigate to Settings > Access Control.

  2. Locate the role you'd like to clone. On the right side of the table, click the corresponding 3-dot menu.

  3. Click Clone.

  4. Give your new role a name. If you're a reseller, provide a role scope.

  5. Customize your role to your liking.

  6. Click Create. Your role is now ready to use.
