This article describes how to launch a secret that uses the Web Account template when the user has only view permissions.
FortiPAM.
When launching a Web Account secret for accessing a web server or a web application platform, it is possible to see an error where the 'Web Launcher' is greyed out when launching the secret with user view permissions.
If the user is given Edit permission, Web Launcher becomes available. In FortiPAM v1.3.0, however, view permissions are enough, provided that a Target with Web Proxy enabled is also used.
To improve security, FortiPAM offers a new web proxy feature that dynamically operates on the browser tab's PAC rule (on Google Chrome and Microsoft Edge) so that traffic is proxied to FortiPAM based on the configured domain. On Mozilla Firefox, FortiPAM sends the request to the web proxy instead.
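How a domain-scoped PAC rule of the kind described above selects a proxy, as an added example that is not FortiPAM's generated rule or Fortinet code. The domain, the proxy host and port are constructed placeholders, `hostMatchesDomain` is a hypothetical helper, and sending all other traffic `DIRECT` is an assumption of this sketch.

```javascript
// Added illustration of domain-based PAC routing; not FortiPAM's own rule.
// Constructed placeholders: the domain and the proxy host/port are assumptions.
var PROXIED_DOMAINS = ["fgt.example.internal"];
var PAM_PROXY = "PROXY fortipam.example.internal:8080";

// Hypothetical helper: true only for the domain itself or a subdomain of it.
// Matching on a label boundary keeps lookalike hosts off the proxy path.
function hostMatchesDomain(host, domain) {
  var h = host.toLowerCase();
  var d = domain.toLowerCase();
  if (h.charAt(h.length - 1) === ".") {
    h = h.slice(0, -1); // tolerate a fully qualified trailing dot
  }
  if (h === d) {
    return true;
  }
  var suffix = "." + d;
  return h.length > suffix.length &&
         h.indexOf(suffix, h.length - suffix.length) !== -1;
}

// Standard PAC entry point: the browser calls it for each request.
function FindProxyForURL(url, host) {
  for (var i = 0; i < PROXIED_DOMAINS.length; i++) {
    if (hostMatchesDomain(host, PROXIED_DOMAINS[i])) {
      return PAM_PROXY; // configured domain goes through the PAM proxy
    }
  }
  return "DIRECT"; // assumption of this sketch: other hosts bypass the proxy
}
```

When reviewing a deployed PAC rule, check that the domain comparison is anchored on a label boundary as above, since a plain substring or loose wildcard match would also send unrelated hosts through the privileged proxy path.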
In this example, a target will be created for accessing the FortiGate web interface:
A target is a server/device with a privileged account supporting RDP, SSH, Web, or other admin protocols. Target systems include Windows workstations, Windows domain controllers, Web servers, Unix servers, SQL servers, routers, or firewalls.
It is possible to create targets for the secrets stored in FortiPAM. One target can be used for multiple secrets, if appropriate.
In this test, the user 'pirlo' will have view permissions on this secret.
When launching the secret, the 'Web Launcher' field will be visible and it runs correctly.
Copyright 2024 Fortinet, Inc. All Rights Reserved.