FortiCWP Access Management
FortiCWP role-based access control (FortiCWP RBAC) helps you manage who has access to what resources and what they can do specifically with those resources.
The way FortiCWP RBAC works is by creating a Profile that is a combination of Permission Group and a Resource Group then assign the profile to the user.
Permission Group and Resource Group
The Permission Group is a predefined group of permissions that determines the read/ write access on each module in FortiCWP such as Resource, Alert, etc.
The Resource Group is a custom group of resources that needs to be created before adding to a profile.
There are two predefined profiles that have access permission to both Container Protection and Workload Protection:
Global Admin Profile has both read and write access to all features and profile management.
Global Auditor Profile only has read access to all features and profile management.
The permission groups only have partial access to features on Workload or Container Protection.
Profile Creation and Management
Workload Protection Permission Group
Container Protection Permission Group
Global Settings Permission Group
Create Resource Group in Workload Protection
Create Resource Group in Container Protection
Create Profile Using Resource Group and Permission Group
Assign Profile to FortiCWP User
Switch Between Multiple Profiles