Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ddiez
New Contributor III

Created on ‎04-29-2024 07:58 AM

FortiPAM - Permissions for template "Web Account"

Hi there,

 

I did several tests but it seems - really?? - that the template type "Web Account" acts with completely different permission settings in the background than other launchers.

 

Testing with launcher like PuTTY or WinSCP or RDP ... I could test this with a user that should only be able to see the entry and can launch this - so using the permission type "Viewer" - without beeing aware ot the stored password nor can change this secret. So far, this is running fine with several launcher types.

 

The same scenario using a "Web Account" secret is not possible. It seems as "Launch target" could be possible for the test user (with "View" permission for this target as well as for the underlaying folder) because it is not greyed out in the secret list. But clicking on "Launch Secret" leads to the details of the entry - and there the mouse over message over the (now greyed out "Web Launcher") tells me that this launcher cannot be started because of not enough permissions.

 

(Attached two pictures)

 

So, this would mean that every user that only commit the launch for a web-target-secret must have at least "Editor" privilge status with the option to see the stored password?? I cannot imagine that this really meant to be the way, would be very dissapointing for me. We are using the actual version 1.3.0 of ForitPAM.

 

Looking forward to hearing from you. Thanks in advance.

 

Kind regards,

Daniel

 

 

 

FortiPAM_Web-Account_1.png

 

 

FortiPAM_Web-Account_2.png

 

 

 

KuC
KuC
Labels:
880
0 Kudos
13 REPLIES 13
rbraha
Staff
Staff

Created on ‎05-24-2024 06:34 AM

Hi @ddiez 

Config. from screenshots seems ok, can you please address it with a ticket so we can troubleshoot it.

195
ddiez
New Contributor III

Created on ‎05-24-2024 06:38 AM

I would like to do so, but due to missing subscription I cannot place a ticket for this product. We are in the phase of trial evaluation (proof-of-concept) for this product.

KuC
KuC
192
0 Kudos
ddiez
New Contributor III

Created on ‎06-10-2024 03:21 AM

Actually this problem has been submitted as ticket to the support at Fortinet. I am excited for the resolution of this behaviour.

KuC
KuC
90
Anthony_E
Community Manager
Community Manager

Created on ‎06-10-2024 03:24 AM

Hi KuC,

 

Thank you for this info and do not hesitate to share the support solution once you get it :)!

 

Regards,

Anthony-Fortinet Community Team.
87
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.