Role-based access control (RBAC)

Role-based access control (RBAC) for the modules in the FortiSOC GUI is managed with Roles in FortiSOC.

When an IAM user is created, the IAM permission profile determines the predefined FortiSOC role the user is initially assigned:

  • Admin: Full Admin role

  • Read / Write: Analyst role

  • Read Only: Read-Only Admin role

  • Custom: Read-Only Admin role. After the Custom user has logged in to FortiSOC once, a Full Admin can assign another predefined or custom role to the user in the FortiSOC GUI. The newly assigned role takes effect at the user's next login. See Creating custom roles and Assigning roles.

Sub users are automatically assigned the Read-Only Admin role. After the sub user has logged in to FortiSOC once, a Full Admin can assign another predefined or custom role to the user in the FortiSOC GUI. The newly assigned role takes effect at the user's next login; a role change made to reduce a user's access therefore does not apply to a session that is already open until that user logs in again.

Predefined roles

The following predefined roles are available to control user access within the FortiSOC GUI.

Analyst

Responsible for case investigation and other remediation and containment tasks. This is the core operational role in the SOC for continuous monitoring and response. Analysts can monitor alerts and manage cases, and they can review the information that supports triage, such as assets and identities, attachments, dashboards, and vulnerabilities. They cannot add devices, configure agents, or manage users.

Full Admin

Essentially the root user; assign it sparingly. Responsible for managing users, data ingestion, and system configuration for FortiSOC. Full Admins also have full access to every other FortiSOC feature, so they can perform analyst duties when needed.

FortiSOC Agent

Agent appliances are auto-assigned this role. The role is described as defaulting to file and attachment access; note, however, that in the default permission table below it holds Read Only on Agents, Application, and Email Templates and None on Files and Attachments, so verify the effective permissions on your instance rather than relying on the description.

Read-Only Admin

Viewing rights only, with no editing or modification capability.

The table below lists the default permissions for the predefined roles. Each module is assigned one of the following permissions:

  • Read & Write: the user can view and make changes in the FortiSOC module.

  • Read Only: the user can only view information in the FortiSOC module.

  • None: the user can neither view nor make changes in the FortiSOC module.

Module                   Analyst       Full Admin    FortiSOC Agent  Read-Only Admin
Agents                   Read Only     Read & Write  Read Only       Read Only
Alerts                   Read & Write  Read & Write  None            Read Only
Analytics                Read Only     Read & Write  None            Read Only
Analyzer                 Read Only     Read & Write  None            Read Only
Announcements            Read & Write  Read & Write  None            Read Only
Appliances               Read Only     Read & Write  None            Read Only
Application              Read Only     Read & Write  Read Only       Read Only
Approvals                Read & Write  Read & Write  None            Read Only
Assets                   Read & Write  Read & Write  None            Read Only
Attachments              Read & Write  Read & Write  None            Read Only
Audit Log Activities     Read Only     Read & Write  None            Read Only
CMDB                     Read Only     Read & Write  None            Read Only
CVEs                     Read & Write  Read & Write  None            Read Only
Campaigns                Read & Write  Read & Write  None            Read Only
Comment                  Read & Write  Read & Write  None            Read Only
Communications           Read & Write  Read & Write  None            Read Only
Companies                Read Only     Read & Write  None            Read Only
Connectors               Read Only     Read & Write  None            Read Only
Content Hub              Read Only     Read & Write  None            Read Only
Dashboard                Read & Write  Read & Write  None            Read Only
Data Archival            Read Only     Read & Write  None            Read Only
Email Templates          Read & Write  Read & Write  Read Only       Read Only
Escalation Rules         Read & Write  Read & Write  None            Read Only
Events                   Read & Write  Read & Write  None            Read Only
FAZ Reports              Read Only     Read & Write  None            Read Only
Files                    Read & Write  Read & Write  None            Read Only
Groups                   Read Only     Read & Write  None            Read Only
Hunts                    Read & Write  Read & Write  None            Read Only
Identities               Read & Write  Read & Write  None            Read Only
Incidents                Read & Write  Read & Write  None            Read Only
Indicators               Read & Write  Read & Write  None            Read Only
Key Store                Read Only     Read & Write  None            Read Only
Leave Schedules          Read Only     Read & Write  None            Read Only
Mitigations              Read Only     Read & Write  None            Read Only
Notification Rules       Read & Write  Read & Write  None            Read Only
People                   Read Only     Read & Write  None            Read Only
Playbooks                Read & Write  Read & Write  None            Read Only
Preprocessing Rules      Read & Write  Read & Write  None            Read Only
Queues                   Read Only     Read & Write  None            Read Only
Reporting                Read & Write  Read & Write  None            Read Only
Secure Message Exchange  Read Only     Read & Write  None            Read Only
SLA Templates            Read & Write  Read & Write  None            Read Only
Saved Reports            Read Only     Read & Write  None            Read Only
Scans                    Read Only     Read & Write  None            Read Only
Scenario                 Read Only     Read & Write  None            Read Only
Schedules                Read & Write  Read & Write  None            Read Only
Security                 None          Read & Write  None            Read Only
Shifts                   Read & Write  Read & Write  None            Read Only
Software                 Read Only     Read & Write  None            Read Only
Solution Packs           Read Only     Read & Write  None            Read Only
Sub-techniques           Read & Write  Read & Write  None            Read Only
Tactics                  Read & Write  Read & Write  None            Read Only
Tasks                    Read & Write  Read & Write  None            Read Only
Techniques               Read & Write  Read & Write  None            Read Only
Tenants                  Read Only     Read & Write  None            Read Only
Threat Actors            Read Only     Read & Write  None            Read Only
Threat Intel Feed        Read Only     Read & Write  None            Read Only
Threat Intel Reports     Read Only     Read & Write  None            Read Only
Vulnerabilities          Read & Write  Read & Write  None            Read Only
War Rooms                Read & Write  Read & Write  None            Read Only
Widgets                  Read Only     Read & Write  None            Read Only
Workspaces               Read & Write  Read & Write  None            Read Only

Creating custom roles

Roles can be created and viewed in Settings > Security Management > Roles. The predefined roles are listed in the table view. Click Add to create new roles, if needed.

When adding a new role, configure the following:

Option                Description
Role Name             Enter a role name that makes the role's purpose clear.
Description           (Optional) Enter a description for the role.
Set Role Permissions  Set the permission (Read & Write, Read Only, or None) for each module.

The modules listed in a role's permission table are discrete areas or record sets within FortiSOC. Some are reachable from the navigation tree on the left; others live in the global settings available to administrators.

An administrator module in the list usually stands for the top-level module and governs every sub-menu or tab beneath it. For example, the Security module controls access to all the user-related menus under Settings > Security Management: Teams, Roles, Users, and so on. Because Read & Write on Security allows editing roles and user assignments, a custom role that grants it can be used to widen its own permissions; treat such a role as administrative when you design custom roles.

Assigning roles

Roles are assigned in Settings > Security Management > Users.

When editing a user, select from the list of available roles. The user is restricted to the permissions defined in the selected roles.

A user can be assigned multiple roles. Each role is additive to the user's overall RBAC permission set, so a user's effective permissions are the aggregation of everything granted by each assigned role. Because aggregation is additive, on any given module the most permissive grant among the user's roles wins, and adding a role can only widen access. To narrow what a user can do, remove or edit roles; adding a more restrictive role has no effect. For the same reason, Read-Only Admin is not a harmless add-on: assigned alongside Analyst it adds Read Only visibility on modules, such as Security, that Analyst alone cannot see.
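Because roles aggregate, it is worth computing the effective permission set before assigning a combination. The following Python model is an added illustration, not FortiSOC code or an API it exposes: it encodes the ordering None < Read Only < Read & Write, aggregates a subset of the predefined-role table above (the role data is constructed from that table, not read from an instance), and flags combinations that yield Read & Write on modules that control access itself. `PRIVILEGED_MODULES` and the custom role `Connector Maintainer` are assumptions made for the demonstration.

```python
"""Illustrative model of FortiSOC's additive role aggregation.

Added example, not FortiSOC code. Permission levels are ordered
None < Read Only < Read & Write, and a user's effective permission on a
module is the highest level that any assigned role grants on it.
"""
from __future__ import annotations

# Ordered permission lattice; a higher index means more access.
LEVELS = ["None", "Read Only", "Read & Write"]

# Constructed subset of the default permission table for the predefined roles.
_SUBSET = ("Alerts", "Incidents", "Playbooks", "Connectors", "Agents",
           "Security", "Key Store")
PREDEFINED_ROLES: dict[str, dict[str, str]] = {
    "Analyst": {
        "Alerts": "Read & Write", "Incidents": "Read & Write",
        "Playbooks": "Read & Write", "Connectors": "Read Only",
        "Agents": "Read Only", "Security": "None", "Key Store": "Read Only",
    },
    "Full Admin": {m: "Read & Write" for m in _SUBSET},
    "Read-Only Admin": {m: "Read Only" for m in _SUBSET},
}

# Assumption for the audit, not a FortiSOC setting: Read & Write on these
# modules lets the holder change who can do what (Security covers Teams,
# Roles and Users) or touch stored secrets and integrations.
PRIVILEGED_MODULES = {"Security", "Key Store", "Connectors"}


def effective_permissions(roles: dict[str, dict[str, str]],
                          assigned: list[str]) -> dict[str, str]:
    """Aggregate the assigned roles: per module, keep the highest level granted.

    A module that no assigned role mentions is treated as None.
    """
    modules = {m for r in assigned for m in roles[r]}
    return {
        m: max((roles[r].get(m, "None") for r in assigned), key=LEVELS.index)
        for m in modules
    }


def escalation_added(roles: dict[str, dict[str, str]], base: list[str],
                     extra: list[str]) -> dict[str, tuple[str, str]]:
    """Modules on which adding `extra` widens access beyond `base` alone.

    Returns {module: (level with base only, level with base + extra)}.
    Aggregation is additive, so the result can only ever widen: adding a
    role never narrows access, and a "restrictive" add-on role is a no-op.
    """
    before = effective_permissions(roles, base)
    after = effective_permissions(roles, base + extra)
    return {
        m: (before.get(m, "None"), after[m])
        for m in after
        if LEVELS.index(after[m]) > LEVELS.index(before.get(m, "None"))
    }


def audit_privileged_write(roles: dict[str, dict[str, str]],
                           assigned: list[str]) -> set[str]:
    """Privileged modules on which the combined roles yield Read & Write."""
    eff = effective_permissions(roles, assigned)
    return {m for m in PRIVILEGED_MODULES if eff.get(m) == "Read & Write"}


if __name__ == "__main__":
    # A custom role as it might be created under Settings > Security
    # Management > Roles (hypothetical name and grants).
    roles = {**PREDEFINED_ROLES,
             "Connector Maintainer": {"Connectors": "Read & Write"}}

    # Read-Only Admin is not a harmless add-on: it gives an Analyst a view
    # of the Security module (users, roles, teams) that Analyst alone lacks.
    print(escalation_added(roles, ["Analyst"], ["Read-Only Admin"]))
    # The custom role turns the Analyst's Read Only on Connectors into
    # Read & Write, which the audit reports as a privileged write.
    print(escalation_added(roles, ["Analyst"], ["Connector Maintainer"]))
    print(audit_privileged_write(roles, ["Analyst", "Connector Maintainer"]))
```

To use this against a real deployment, load all 62 modules from the table above and every custom role defined under Settings > Security Management > Roles, then run `escalation_added` for each proposed assignment and `audit_privileged_write` for each user's full role list; any non-empty result for a non-admin user is a candidate for review.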
