Fortinet white logo
Fortinet white logo

Administration Guide

Customer user roles

Customer user roles

User roles enable you to authorize each customer user to view and modify only the content that is required for that user.

Each role defines the access rights of the user to specific Customer Portal pages and components. Content may be hidden from the user, read-only, or read-write access.

You can assign one or more roles to a user. For example, a user with Schedule Report Write and RunNow Report Execute roles will have read-write access to the Reports page and the RunNow page, and read-only access to the remaining pages and components for that customer.

The system provides a set of default customer user roles. You can also create new roles or customize the default roles using the Roles page. See Roles.

There are numerous default roles, but note the following common points:

  • The Customer Monitor role provides read-write access to the pages that a user requires to administer the Customer Portal for that customer. Because this role is far-reaching, we recommend that you assign this role to a limited number of users.
  • All of the customer roles provide read-write access to the dashboard.
  • All of the "Read" roles provide read access to all of the customer pages (except that the Run Now Report page is hidden). In addition, the role allows read-only access to the resource that the role name specifies (such as Policy, Address Object, Schedule Object).
  • Each of the "Write" roles provide read-only access to the same resources as the "Read" role, except that it also allows write access to the resource that the role name specifies (such as Policy, Address Object, Schedule Object).
  • The RunNow Report Execute role allows access to the RunNow page, so that the user can run reports. On the report page, the Run Now button is hidden for users without this role.

To provide a customer user with read-write access to a specific object or policy, you must set the corresponding write permission for this customer in the Customer data. Refer to Policy and Object Permissions in Add or edit a customer.

The following table describes the default role types that are available:

Role

Description

Customer Admin

Read-write access to the pages that an user requires to administer the Customer Portal for that customer

Schedule Report Read

Read access to the Report Definitions page

Schedule Report Write

Read access to the Report Definitions page and allows the user to add or edit a customer-defined report

Run Now Report Execute

Makes the Run Now button visible on the Reports page and enables the user to select a report and run it

Policy Read

Provides the user with read-only access to the policies

Policy Write

Provides the user with read-write access to the policies

Object Read

Provides the user with read-only access to the specified object type. Object types include:
Address Object, Schedule Object, Anti Virus Object, Application Sensor Object , DLP Object, Email Filter Object, IPS Sensor Object, Web Filter Object.

Object Write

Provides the user with read-write access to the specified object type

Customer user roles

Customer user roles

User roles enable you to authorize each customer user to view and modify only the content that is required for that user.

Each role defines the access rights of the user to specific Customer Portal pages and components. Content may be hidden from the user, read-only, or read-write access.

You can assign one or more roles to a user. For example, a user with Schedule Report Write and RunNow Report Execute roles will have read-write access to the Reports page and the RunNow page, and read-only access to the remaining pages and components for that customer.

The system provides a set of default customer user roles. You can also create new roles or customize the default roles using the Roles page. See Roles.

There are numerous default roles, but note the following common points:

  • The Customer Monitor role provides read-write access to the pages that a user requires to administer the Customer Portal for that customer. Because this role is far-reaching, we recommend that you assign this role to a limited number of users.
  • All of the customer roles provide read-write access to the dashboard.
  • All of the "Read" roles provide read access to all of the customer pages (except that the Run Now Report page is hidden). In addition, the role allows read-only access to the resource that the role name specifies (such as Policy, Address Object, Schedule Object).
  • Each of the "Write" roles provide read-only access to the same resources as the "Read" role, except that it also allows write access to the resource that the role name specifies (such as Policy, Address Object, Schedule Object).
  • The RunNow Report Execute role allows access to the RunNow page, so that the user can run reports. On the report page, the Run Now button is hidden for users without this role.

To provide a customer user with read-write access to a specific object or policy, you must set the corresponding write permission for this customer in the Customer data. Refer to Policy and Object Permissions in Add or edit a customer.

The following table describes the default role types that are available:

Role

Description

Customer Admin

Read-write access to the pages that an user requires to administer the Customer Portal for that customer

Schedule Report Read

Read access to the Report Definitions page

Schedule Report Write

Read access to the Report Definitions page and allows the user to add or edit a customer-defined report

Run Now Report Execute

Makes the Run Now button visible on the Reports page and enables the user to select a report and run it

Policy Read

Provides the user with read-only access to the policies

Policy Write

Provides the user with read-write access to the policies

Object Read

Provides the user with read-only access to the specified object type. Object types include:
Address Object, Schedule Object, Anti Virus Object, Application Sensor Object , DLP Object, Email Filter Object, IPS Sensor Object, Web Filter Object.

Object Write

Provides the user with read-write access to the specified object type