
Administration Guide

Limit admin access with groups


To control which hosts and ports Admin users can access, place those Admin users in special groups. Then designate those special Admin groups to manage groups of hosts or ports.

Example:

Assume you have two Administrative Users who are responsible for monitoring medical devices and nurses in a hospital. They should not see any other data. To accomplish this, you must configure the following:

  • Place the nurses' workstations into a host group.
  • Place the medical devices to be monitored into a host group.
  • Place the ports where the medical devices connect into a port group.
  • Place these two Administrative Users in a special Administrator Group.
  • Assign these two Administrative Users to a profile with permissions for Manage Hosts & Ports. Make sure the Manage Hosts & Ports setting on the General Tab of the profile is set to Restrict by Groups.
  • Set the Administrator group to manage the nurses group, the medical device group and the port group.
  • Remove these two Administrative Users from the All Management Group or they will have access to all hosts and ports.

When those Administrative Users log into the Admin user interface, they can only see data associated with the nurses, medical devices or the ports in the groups they manage.

Note

Make sure to remove affected Administrative Users from the All Management group or they will continue to have access to all hosts and ports.

Note

Administrative Users can still view all hosts and users from the Locate View if their Admin Profile gives them permission for that view, but they can only modify those that are in the group they are managing.

  1. Create the group of hosts or ports. See Add groups for instructions.
  2. Create an admin profile with permissions for Manage Hosts & Ports. Make sure the Manage Hosts & Ports setting on the General Tab of the profile is set to Restrict by Groups. See Add an admin profile.
  3. Create an administrator group that contains the administrative users responsible for the devices or ports.
  4. Remove the administrative users from the All Management group. See Modify a group for instructions.
  5. Right-click on the administrator group and select Manages.
  6. On the Manages window, select the group(s) to be managed by marking them with a check mark.
  7. Click OK.
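
The following audit sketch is an added example, not part of the product or its documentation. It models the rules described above over constructed sample data to catch the most common mistake: an administrator who was meant to be restricted but is still in the All Management group. The dictionary layout, user names and group names are assumptions, as is treating a profile without Restrict by Groups as unrestricted.

```python
ALL_MANAGEMENT = "All Management"

# Constructed sample data (hypothetical layout, not a product export format).
admin_groups = {          # administrator group -> member admin users
    ALL_MANAGEMENT: {"alice", "carol"},
    "Ward Admins": {"alice", "bob", "dave"},
}
manages = {               # administrator group -> host/port groups it manages
    "Ward Admins": {"Nurse Workstations", "Medical Devices", "Medical Device Ports"},
}
restrict_by_groups = {    # admin user -> profile has "Restrict by Groups" set
    "alice": True, "bob": True, "carol": False, "dave": False,
}

def effective_scope(user):
    """Return the host/port groups a user is limited to, or None if unrestricted."""
    member_of = {g for g, members in admin_groups.items() if user in members}
    # Assumption: without Restrict by Groups the profile does not limit the user.
    if not restrict_by_groups.get(user, False) or ALL_MANAGEMENT in member_of:
        return None
    scope = set()
    for group in member_of:
        scope |= manages.get(group, set())
    return scope

def audit(intended_restricted):
    """Return sorted (user, reason) findings for users who should be restricted."""
    findings = []
    for user in sorted(intended_restricted):
        in_all = user in admin_groups.get(ALL_MANAGEMENT, set())
        restricted = restrict_by_groups.get(user, False)
        if in_all:
            findings.append((user, "still in All Management group"))
        if not restricted:
            findings.append((user, "profile not set to Restrict by Groups"))
        if not in_all and restricted and not effective_scope(user):
            findings.append((user, "administrator group manages no groups"))
    return findings

if __name__ == "__main__":
    for user, reason in audit({"alice", "bob", "dave"}):
        print(f"{user}: {reason}")
```

In this sample, bob is correctly limited to the three ward groups, while alice and dave are flagged.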
