Object lists make it easier to manage user permissions by allowing an administrator to assign user permissions via list of objects.
An entry in an object list is an “object type” and “object name” pair. Once an object list is created, object list names are used as arguments to user context commands (see User Commands) to give a user permission to access objects in the list.
Object List Notes
Specifying an Object List When Creating or Modifying an Object
An objlist argument is optional when creating (or modifying) an FortiADC object, and adds an entry for the object to the specified object list. To add an entry to an object list, the user must have permission to create objects of the specified type in that object list.
Permission to create objects in an object list is given by the permit_objlist
command, as outlined in User Permissions.
read and write permissions on both the object list and the object to be added to the list (or have the admin flag set on the user definition).
Note - When a user creates an object, that user is given read, write, and delete permissions on that object. |