Fortinet black logo

Administration Guide

Home FortiPortal 7.0.0 Administration Guide
7.0.0
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.0.14
6.0.13
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.3.8
5.3.7
5.3.6
5.3.5
5.3.4
5.3.3
5.3.2
5.3.0
5.2.0
4.1.0
4.0.3
4.0.2
4.0.1
4.0.0

User roles

User roles

User roles enable you to authorize each user to view and modify only the content that is required for that user.

Each role defines the access rights of the user to specific organization portal pages and components. Content may be hidden from the user, read-only, or read-write access.

You can assign one or more roles to a user. For example, a user with Schedule Report Write and RunNow Report Execute roles will have read-write access to the Reports page and the RunNow page, and read-only access to the remaining pages and components for that organization.

The system provides a set of default user roles. You can also create new roles or customize the default roles using the Profiles tab. See Profiles.

There are numerous default roles, but note the following common points:

  • The Customer Monitor role provides read-write access to the pages that a user requires to administer the organization portal for that organization. Because this role is far-reaching, we recommend that you assign this role to a limited number of users.
  • All of the roles provide read-write access to the dashboard.
  • All of the "Read" roles provide read access to all of the organization pages (except that the Run Now Report page is hidden). In addition, the role allows read-only access to the resource that the role name specifies (such as Policy, Address Object, Schedule Object).
  • Each of the "Write" roles provide read-only access to the same resources as the "Read" role, except that it also allows write access to the resource that the role name specifies (such as Policy, Address Object, Schedule Object).
  • The RunNow Report Execute role allows access to the RunNow page, so that the user can run reports. On the report page, the Run Now button is hidden for users without this role.

The following table describes the default role types that are available:

Role

Description

Customer Admin

Read-write access to the pages that an user requires to administer the organization portal for that organziation

Schedule Report Read

Read access to the Report Definitions page

Schedule Report Write

Read access to the Report Definitions page and allows the user to add or edit an organziation-defined report

Run Now Report Execute

Makes the Run Now button visible on the Reports page and enables the user to select a report and run it

Policy Read

Provides the user with read-only access to the policies

Policy Write

Provides the user with read-write access to the policies

Object Read

Provides the user with read-only access to the specified object type. Object types include:
Address Object, Schedule Object, Anti Virus Object, Application Sensor Object , DLP Object, Email Filter Object, IPS Sensor Object, Web Filter Object.

Object Write

Provides the user with read-write access to the specified object type
Previous
Next

User roles

User roles enable you to authorize each user to view and modify only the content that is required for that user.

Each role defines the access rights of the user to specific organization portal pages and components. Content may be hidden from the user, read-only, or read-write access.

You can assign one or more roles to a user. For example, a user with Schedule Report Write and RunNow Report Execute roles will have read-write access to the Reports page and the RunNow page, and read-only access to the remaining pages and components for that organization.

The system provides a set of default user roles. You can also create new roles or customize the default roles using the Profiles tab. See Profiles.

There are numerous default roles, but note the following common points:

  • The Customer Monitor role provides read-write access to the pages that a user requires to administer the organization portal for that organization. Because this role is far-reaching, we recommend that you assign this role to a limited number of users.
  • All of the roles provide read-write access to the dashboard.
  • All of the "Read" roles provide read access to all of the organization pages (except that the Run Now Report page is hidden). In addition, the role allows read-only access to the resource that the role name specifies (such as Policy, Address Object, Schedule Object).
  • Each of the "Write" roles provide read-only access to the same resources as the "Read" role, except that it also allows write access to the resource that the role name specifies (such as Policy, Address Object, Schedule Object).
  • The RunNow Report Execute role allows access to the RunNow page, so that the user can run reports. On the report page, the Run Now button is hidden for users without this role.

The following table describes the default role types that are available:

Role

Description

Customer Admin

Read-write access to the pages that an user requires to administer the organization portal for that organziation

Schedule Report Read

Read access to the Report Definitions page

Schedule Report Write

Read access to the Report Definitions page and allows the user to add or edit an organziation-defined report

Run Now Report Execute

Makes the Run Now button visible on the Reports page and enables the user to select a report and run it

Policy Read

Provides the user with read-only access to the policies

Policy Write

Provides the user with read-write access to the policies

Object Read

Provides the user with read-only access to the specified object type. Object types include:
Address Object, Schedule Object, Anti Virus Object, Application Sensor Object , DLP Object, Email Filter Object, IPS Sensor Object, Web Filter Object.

Object Write

Provides the user with read-write access to the specified object type
Previous
Next