Access control options
When creating or editing a role, select Definitions to see access control definitions.
| Access Control | Definition |
|---|---|
| Secrets | |
| | Controls access to the Secret list page. It also controls whether the Secret Templates, Policies, and Launchers pages can be viewed. |
| | Controls access to Folders. Note: You can restrict the corresponding folder and secret permissions under a specific folder and secret. |
| | Permission to create folders in Root. |
| | Access to the SSH Filter Profiles page. |
| | Access to the Job List page. |
| | Access to the My Request and Request Review pages in Approval Request. |
| | Access to the Approval Profile page in Approval Flow. |
| | Access to the Password Changers page in Password Changing. |
| | Access to the Character Sets page in Password Changing. |
| | Access to the Password Policies page in Password Changing. |
| | Enable/disable creating event filter profiles. |
| | Enable/disable creating a personal folder right after the user is created. |
| | Enable/disable editing secret targets. |
| | Enable/disable editing the Classification Tag page. |
| | Enable/disable editing the Secret Templates page. |
| | Enable/disable editing the Policies page. |
| | Enable/disable editing the Secret Launchers and the Integrity Check pages. |
| | Enable/disable viewing the secret password, passphrase, and ssh-key. This requires Read/Write permission for the Secret List. |
| | Enable/disable viewing secret logs (Edit History, Activity, and SSH Filter Log tabs) when editing a secret (Secret Details window). |
| | Enable/disable viewing secret video when editing a secret (Secret Details window). Note: This only takes effect when View Secret Log is already enabled. |
| | Enable/disable launching file launchers. These are designated to send files. |
| | Enable/disable forcing users with this account profile to always launch with a proxy. |
| User Management | |
| | Access to the User List page in User Management and the Backup page in System. |
| | Access to the User Groups page in User Management. |
| | Access to the Role page in User Management. |
| | Access to the Ldap Servers page in User Management. |
| | Access to the Saml Single Sign-On page in User Management. |
| | Access to the Radius Servers page in User Management. |
| | Access to the Schedule page in User Management. |
| | Enable/disable CLI access. |
| | Enable/disable access to diagnostic CLI commands. |
| | Enable/disable permission to use firmware and configuration backup features. |
| | Access to pages in Monitoring. Note: This requires the same permission as User Groups, Ldap Servers, Saml Single Sign-On, and Radius Servers. |
| Authentication | |
| | Access to the Addresses page. |
| | Access to the ZTNA page in System. ZTNA requires the same permission as Schedule and Addresses. Example: |
| Network | |
| | Access to the Interfaces page in Network. |
| | Access to the Packet Capture page in Network. |
| | Access to the Static Routes page in Network. |
| | Access to the FortiAnalyzer Logging card on the Fabric Connectors page in Security Fabric. |
| | Access to the FortiClient EMS card on the Fabric Connectors page in Security Fabric. |
| | Access to the AntiVirus page. Notes: |
| | Access to the Data Leak Prevention and the DLP File Pattern pages. |
| | Enable/disable accessing the Certificates page in System. |
| System | |
| | Access to: |
| | Access to the FortiGuard page from Dashboard. |
| | Access to Email Alert Settings and Log Settings in Log & Report. |
| Admin Settings | |
| | Enable/disable accessing the FortiPAM GUI. |
| | Enable/disable glass breaking mode. |
| | Enable/disable maintenance mode. |
| | Enable/disable viewing Events, Secrets, ZTNA, and SSH logs in Log & Report. |
| | Enable/disable viewing Reports in Log & Report. |
| | Enable/disable viewing playback videos in Secret Video. |
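
Several definitions above depend on other settings: viewing the secret password requires Read/Write on the Secret List, secret video requires View Secret Log, and Monitoring and ZTNA require the same permission as related pages. The following role review check is an added example, not FortiPAM code or part of the original page; the dictionary keys, level names, and sample roles are hypothetical.

```python
# Added example. Key names are hypothetical stand-ins for the access controls
# in the table; levels are assumed to be "none", "read", or "read-write".
# SAME_PERMISSION maps a page to the pages it must share a permission with.
SAME_PERMISSION = {
    "monitoring": ["user_groups", "ldap_servers", "saml_sso", "radius_servers"],
    "ztna": ["schedule", "addresses"],
}


def audit_role(role):
    """Return findings where one role's settings conflict with the table's notes."""
    findings = []

    def level(key):
        return role.get(key, "none")

    # Viewing the secret password requires Read/Write on the Secret List.
    if role.get("view_secret_password") and level("secret_list") != "read-write":
        findings.append("view_secret_password requires read-write on secret_list")

    # Viewing secret video only takes effect when View Secret Log is enabled.
    if role.get("view_secret_video") and not role.get("view_secret_log"):
        findings.append("view_secret_video has no effect without view_secret_log")

    # Assumed reading of "same permission": a granted page matches each dependency.
    for page, deps in SAME_PERMISSION.items():
        if level(page) == "none":
            continue
        for dep in deps:
            if level(dep) != level(page):
                findings.append(f"{page} is {level(page)} but {dep} is {level(dep)}")
    return findings


# Constructed sample roles, not exported from a real appliance.
AUDITOR = {
    "secret_list": "read", "view_secret_password": True,
    "view_secret_log": False, "view_secret_video": True, "monitoring": "read",
    "user_groups": "read", "ldap_servers": "read", "saml_sso": "read",
}
OPERATOR = {
    "secret_list": "read-write", "view_secret_password": True,
    "view_secret_log": True, "view_secret_video": True,
    "ztna": "read-write", "schedule": "read-write", "addresses": "read-write",
}

if __name__ == "__main__":
    for name, role in (("auditor", AUDITOR), ("operator", OPERATOR)):
        print(name, audit_role(role) or "consistent")
```

A finding here means the role grants something that will not work as configured or leaves related pages at mismatched levels, which is worth resolving before the role is assigned.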