Access control
FortiMonitor's access control (ACL) functionality gives teams fine-grained controls over the infrastructure team members can view (scope) and specific actions they can perform. The system is driven by roles, which are logical groupings of actions that a user can perform. A user can have one-to-many roles assigned to them - they're designed to be layered on top of one another.
Roles
System Roles
Out of the box, FortiMonitor provides a number of default roles that will be more than sufficient for a lot of teams. They are not editable, but you can easily clone and customize them to meet your needs.
Role |
Description |
---|---|
Account Admin |
Able to perform any activity within FortiMonitor |
Server Admin |
Able to perform most activities, with the exception of user, integration, and API management, as well as a few other ancillary activities |
Dashboard Admin |
Full management of dashboards |
Dashboard Viewer |
Read-only access to dashboards |
Incident Responder |
Slightly more advanced than a read-only user. Allows the user to view instances, start maintenance, pause monitoring, and a bit more. |
Billing Admin |
Access to billing only |
Add Custom Roles
Teams looking for more fine tuning can leverage custom roles. Custom roles can be comprised of any number of actions that are available in FortiMonitor. For instance, you may want a role that allows a user to view and edit instances, but read-only access for network devices. When creating a custom role, you may choose to either start from scratch or clone an existing role.
Starting from scratch
-
Navigate to Settings > Access Control.
-
Click Add Role.
-
Name your role and give it a description. Providing a description is not required but is highly recommended
-
Select any number of actions which your role can perform. Keep in mind, some actions are depended on each other - for example, it doesn't make sense to give someone edit access on an instance but not view access.
-
Click Create. Your role is now ready to use.
Cloning an existing role
-
Navigate to Settings > Access Control.
-
Locate the role you'd like to clone. On the right side of the table, click the corresponding 3-dot menu.
-
Click Clone.
-
Give your new role a name. If you're a reseller, provide a role scope.
-
Customize your role to your liking.
-
Click Create. Your role is now ready to use.