Administration Guide

Limit access with groups

To control which hosts and ports administrators can access, place those administrators in special groups. Then designate those special administrator groups to manage groups of hosts or ports.

Example:

Assume you have two administrators who are responsible for monitoring medical devices and nurses in a hospital. They should not see any other data. To accomplish this, you must configure the following:

  • Place the nurses' workstations into a host group.
  • Place the medical devices to be monitored into a host group.
  • Place the ports where the medical devices connect into a port group.
  • Place these two administrators in a special administrator group.
  • Assign these two administrators to a profile with permissions for Manage Hosts & Ports. Make sure the Manage Hosts & Ports setting on the General tab of the profile is set to Restrict by Groups.
  • Set the administrator group to manage the nurses group, the medical device group and the port group.
  • Remove these two administrators from the All Management group or they will have access to all hosts and ports.

When those administrators log into the admin UI, they can only see data associated with the nurses, medical devices or the ports in the groups they manage.

Make sure to remove affected administrators from the All Management group or they will continue to have access to all hosts and ports.

Administrators can still view all hosts and users from the Locate View if their administrator profile gives them permission for that view, but they can only modify those that are in the group they are managing.

  1. Create the group of hosts or ports. See Add groups for instructions.
  2. Create an administrator profile with permissions for Manage Hosts & Ports. Make sure the Manage Hosts & Ports setting on the General tab of the profile is set to Restrict by Groups. See Add an administrator profile.
  3. Create an administrator group that contains the administrators responsible for the devices or ports.
  4. Remove the administrators from the All Management group. See Modify a group for instructions.
  5. Right-click on the administrator group and select Manages.
  6. On the Manages window select the group(s) to be managed by marking them with a check mark.
  7. Click OK.
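
The following added example (not part of the Fortinet guide and not a FortiNAC API or export format) models the hospital scenario to show how to check that a restricted administrator's effective scope matches the intent. All group, host, port and administrator names are constructed, and treating a profile that is not set to Restrict by Groups as unrestricted is an assumption of the model.

```python
ALL_MANAGEMENT = "All Management"

# Constructed sample data (illustrative names, not a FortiNAC export format).
ADMIN_GROUPS = {
    "Ward Admins": {"alice", "bob"},
    ALL_MANAGEMENT: {"root", "bob"},  # bob was never removed from All Management
}
MANAGES = {"Ward Admins": {"Nurses", "Medical Devices", "Medical Ports"}}
MEMBERS = {
    "Nurses": {"nurse-ws-01", "nurse-ws-02"},
    "Medical Devices": {"pump-01"},
    "Medical Ports": {"sw1:Gi0/7"},
    "Finance": {"fin-ws-01"},
}
RESTRICT_BY_GROUPS = {"alice": True, "bob": True, "root": False}

def groups_of(admin):
    """Administrator groups that contain this administrator."""
    return {g for g, admins in ADMIN_GROUPS.items() if admin in admins}

def effective_scope(admin):
    """Hosts/ports the admin can manage; None means every host and port."""
    mine = groups_of(admin)
    # Assumption: without Restrict by Groups the profile is unrestricted.
    if ALL_MANAGEMENT in mine or not RESTRICT_BY_GROUPS.get(admin, False):
        return None
    scope = set()
    for group in mine:
        for managed in MANAGES.get(group, ()):
            scope |= MEMBERS.get(managed, set())
    return scope

def audit(restricted_admins):
    """Return {admin: [reasons]} for admins meant to be restricted who are not."""
    findings = {}
    for admin in restricted_admins:
        reasons = []
        if ALL_MANAGEMENT in groups_of(admin):
            reasons.append("still in All Management")
        if not RESTRICT_BY_GROUPS.get(admin, False):
            reasons.append("profile not set to Restrict by Groups")
        if not reasons and not effective_scope(admin):
            reasons.append("administrator group manages nothing")
        if reasons:
            findings[admin] = reasons
    return findings

if __name__ == "__main__":
    print(sorted(effective_scope("alice")))
    print(audit(["alice", "bob"]))
```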
