Live session monitoring in FortiPAM is evaluated at the role level.

When a user role is granted access to live session monitoring, the visibility applies globally across the system.

This means that users with live monitoring permissions can view all active sessions, regardless of whether they have access to the underlying secrets associated with those sessions.

FortiPAM does not restrict live session visibility based on secret-level access, secret groups, or target-level entitlements. Live session monitoring is a security and auditing capability. Assign this permission only to administrative or security-focused roles. 

To enable live monitoring for a customized user role, follow the steps below:

1. Go to the Created user role -> System & Network, select 'Read' permission for Configurations.
2. Go to the Admin Settings tab, select 'Enable' for View Logs, and View Secret Launching Video.
3. Go to the User Management tab, configure as shown in the screen capture.

After configuring the above, re-login to FortiPAM with the user assigned to the user role. Verify that the user can perform live monitoring for any active user under Monitoring -> Active Sessions.