Administration Guide

Access control options

When creating or editing a role, select Definitions to see access control definitions.

Access Control

Definition

Secrets

Secret List

It controls access to the Secret list page.

It also controls whether the Secret Templates, Policies, and Launchers pages can be viewed.

Secret Folder

Controls access to Folders.

Note: You can restrict the corresponding folder and secret permissions under a specific folder and secret.

Root Folder

Permission to create folders in Root.

SSH Filter Profile

Access to the SSH Filter Profiles page.

Job List

Access to the Job List page.

Approval Request

Access to the My Request and Request Review pages in Approval Request.

Approval Profile

Access to the Approval Profile page in Approval Flow.

Password Changer

Access to the Password Changers page in Password Changing.

Password Character Set

Access to the Character Sets page in Password Changing.

Password Policy

Access to the Password Policies page in Password Changing.

Create Personal Folder

Enable/disable creating a personal folder right after the user is created.

Edit Secret Templates

Enable/disable editing the Secret Templates page.

Edit Secret Policies

Enable/disable editing the Policies page.

Edit Secret Launchers

Enable/disable editing the Secret Launchers page.

View Encrypted information

Enable/disable viewing the secret password, passphrase, and SSH key. Secret List must have Write permission for the encrypted secret information to be viewable.

User Management

Administrator Users

Access to the User Definition page in User Management and the Backup page in System.

User Groups

Access to the User Groups page in User Management.

Role

Access to the Role page in User Management.

Ldap Servers

Access to the Ldap Servers page in User Management.

Saml Single Sign-On

Access to the Saml Single Sign-On page in User Management.

Radius Servers

Access to the Radius Servers page in User Management.

Schedule

Access to the Schedule page in User Management.

Allow CLI Access

Enable/disable CLI access.

Allow CLI Diagnostic Commands

Enable/disable access to diagnostic CLI commands.

Allow Firmware Upgrade & Backups

Enable/disable permission to use firmware and configuration backup features.

Authentication

Addresses

Access to the Addresses page.

Scheme & Rules

Access to the Scheme & Rules page.

ZTNA

Access to the ZTNA page in System.

Network

Configuration

Access to the Interfaces page in Network.

Packet Capture

Access to the Packet Capture page in Network.

Static Routes

Access to the Static Routes page in Network.

Fabric

Access to the FortiAnalyzer Logging card on the Fabric Connectors page in Security Fabric.

Endpoint Control

Access to the FortiClient EMS card on the Fabric Connectors page in Security Fabric.

Manage System Certificates

Enable/disable accessing the Certificates page in System.

System

Configuration

Access to:

  • DNS Settings in Network.

  • SNMP, Settings, and HA pages in System.

  • VM License uploading, System Reboot, and Shutdown settings.

  • Configuration Revisions and Scripts.

FortiGuard Updates

Access to the FortiGuard page from Dashboard.

Email Alert/Log Settings

Access to Email Alert Settings and Log Settings in Log & Report.

Admin Settings

Access FortiPAM GUI

Enable/disable accessing FortiPAM GUI.

Enter Glass Breaking Mode

Enable/disable glass breaking mode.

Set Maintenance Mode

Enable/disable maintenance mode.

View Logs

Enable/disable viewing Events, Secrets, ZTNA, and SSH logs in Log & Report.

View Reports

Enable/disable viewing Reports in Log & Report.

View Secret Launching Video

Enable/disable viewing playback videos in Secret Video.
