Role Settings

FortiSIEM provides performance, availability, and environmental alerts, as well as change and security monitoring for network devices, servers and applications. It is difficult for one admin to monitor across the entire spectrum of available information. In addition, devices may be in widely distributed geographical and administratively disjointed locations. Role-based access control provides a way to partition the FortiSIEM administrative responsibilities across multiple admins.

A role defines two aspects of a user's interaction with the FortiSIEM platform:

  • Which user interface elements a user can see, and the Read/Write/Execute permissions the user has on them. For example, the built-in Executive role can see only the dashboard, while the Server Admin role cannot see network devices. Role permissions can be defined down to the attribute level: for example, a Tier1 Network Admin role can see network devices but not their configurations.
  • What data the user can see. For example, consider a Windows Admin role and a Unix Admin role. Both can run the same reports, but the Windows admin sees only logs from Windows devices. This definition can also be fine-grained: for example, one Windows admin sub-role can be defined to see Windows performance metrics, while another Windows admin sub-role can see Windows authentication logs.

To perform any action with FortiSIEM, a user must be assigned a role with the required permissions. The roles listed in this table are default roles.

Role                 | Permissions
DB Admin             | Full access to the database server part of the GUI and full access to logs from those devices.
Executive            | View access to the Business Service dashboard and personalized My Dashboard tabs, but reports can be populated by logs from any device.
Full Admin           | Full access to the GUI and full access to the data. Only this role can define roles, create users and map users to roles.
Help Desk            | Access to the Admin, CMDB, and Dashboard tabs, with view and run permissions for the Analytics and Incidents tabs.
Network Admin        | Full access to the network device portion of the GUI and full access to logs from network devices.
Read Only Admin      | View access to all tabs and permission to run reports.
Security Admin       | Full access to Security aspects of all devices.
Server Admin         | Full access to the Server part of the GUI and full access to logs from those devices.
Storage Admin        | Full access to the Storage device part of the GUI and full access to logs from those devices.
System Admin         | Full access to the Server/Workstation/Storage part of the GUI and full access to logs from those devices.
Unix Server Admin    | Full access to the Unix Server part of the GUI and full access to logs from those devices.
Windows Server Admin | Full access to the Windows Server part of the GUI and full access to logs from those devices.

The following sections describe how to create and modify custom roles and permissions:

Adding a new role

  1. Go to ADMIN > General Settings > Role.
  2. Click New.
  3. Enter a Role Name and Description.
  4. Enter the Data Conditions for this role.

    This restricts access to the event/log data that is available to the user, and will be appended to any query that is submitted by users with this role. This applies to both Real-Time and Historical searches, as well as Report and Dashboard information.
  5. Enter the CMDB Report Conditions for this role.

    This restricts access to the reports for devices, users, and monitors that are available to users with this role.
  6. Select the UI Access conditions for this role.

    This defines the user interface elements that can be accessed by users with this role. By default, child nodes in the tree inherit the permissions of their immediate parent; however, you can override those default permissions by explicitly editing the permission of the child node. The options for these settings are:
    • Full - No access restrictions.
    • Edit - The role can make changes to the UI element.
    • Run - The role can execute processes for the UI element.
    • View - The role can only view the UI element.
    • Hide - The UI element is hidden from the role.

Hiding Network Segments

If a Network Segment is marked as hidden for a user role, users with that role will not be able to see any of the devices whose IP addresses fall within that network segment, even if the CMDB folder(s) containing those devices have not been hidden.
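The three controls described above (UI permissions inherited down the tree with explicit overrides, Data Conditions appended to every query a role's users submit, and hidden Network Segments filtering devices by IP) can be modelled to check what a role definition actually grants. The following is an added example written for this page, not FortiSIEM code: the tree nodes, field names and sample data are constructed, and treating a root node with no explicit setting as Hide is an assumption.

```python
"""Added example (not FortiSIEM code): a small model of the role controls
the page describes. Field names, tree nodes and sample data are constructed."""
import ipaddress

# UI tree as child -> parent; a root node has parent None. (Constructed.)
UI_TREE = {
    "CMDB": None,
    "CMDB/Devices": "CMDB",
    "CMDB/Devices/Network": "CMDB/Devices",
    "CMDB/Devices/Network/Config": "CMDB/Devices/Network",
}

def effective_permission(explicit, node, tree=UI_TREE):
    """An explicit setting on a node wins; otherwise the node inherits from its
    immediate parent, recursively. A root with no explicit setting is treated
    as Hide (assumption: deny by default)."""
    if node in explicit:
        return explicit[node]
    parent = tree.get(node)
    return "Hide" if parent is None else effective_permission(explicit, parent, tree)

def role_query(role_conditions, user_conditions):
    """The role's Data Conditions are appended (ANDed) to whatever the user
    submits, so an empty or broad user query still cannot widen the view."""
    return user_conditions + role_conditions

def matching_events(events, conditions):
    """Return events satisfying every (field, value) condition."""
    return [e for e in events if all(e.get(k) == v for k, v in conditions)]

def visible_devices(devices, hidden_segments):
    """Drop any device whose IP falls in a hidden segment, regardless of whether
    its CMDB folder is visible."""
    nets = [ipaddress.ip_network(s) for s in hidden_segments]
    return [d for d in devices
            if not any(ipaddress.ip_address(d["ip"]) in n for n in nets)]

# Constructed: a Tier1 Network Admin who sees network devices but not configs.
TIER1_NET_ADMIN_UI = {"CMDB": "Full", "CMDB/Devices/Network/Config": "Hide"}
# Constructed: a Windows admin sub-role limited to authentication logs.
WIN_AUTH_ROLE_CONDITIONS = [("device_os", "Windows"), ("log_class", "auth")]
EVENTS = [
    {"device_os": "Windows", "log_class": "auth", "msg": "logon ok"},
    {"device_os": "Windows", "log_class": "perf", "msg": "cpu 91%"},
    {"device_os": "Linux", "log_class": "auth", "msg": "sshd accepted"},
]
DEVICES = [{"name": "core-sw1", "ip": "10.1.0.2"}, {"name": "lab-sw1", "ip": "10.9.0.5"}]

if __name__ == "__main__":
    print(effective_permission(TIER1_NET_ADMIN_UI, "CMDB/Devices/Network"))         # Full
    print(effective_permission(TIER1_NET_ADMIN_UI, "CMDB/Devices/Network/Config"))  # Hide
    print([e["msg"] for e in matching_events(EVENTS, role_query(WIN_AUTH_ROLE_CONDITIONS, []))])  # ['logon ok']
    print([d["name"] for d in visible_devices(DEVICES, ["10.9.0.0/16"])])          # ['core-sw1']
```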

Modifying a role

Follow the procedure below to modify a cloned or user-defined role (you cannot directly modify a system-defined role):

  1. Select the role from the table.
  2. Click the required option:
    • Edit - Modify any role setting.
    • Delete - Remove a role.
    • Clone - Duplicate a role.
  3. Click Save.