I try to create a new user role named "service station admin" and assign to a user called "srvadmin". This user role only can view network device within this network range 192.x.x.x and 172.x.x.x. In these network segment, most of it are network devices plus some network devices is belongs to this network range (10.x.x.x).So i want to hide those device in that network range.
Could anyone help me check is there any wrong configuration on this user role and anything I need to check?
I referred and tried the solution as the link you provided and configure which initially posted before. As result it doesn't work to me and CMDB listing still can see 10.x.x.x network segment device. the thing is from the CMDB > network segment, that network segment not shows 10.x.x.x.
I expect is 10.x.x.x network segment device wouldn't show in CMDB devices again.
I talked with one of our experts and there don't appear to be any obvious issues in your screenshots. We recommend you open a support ticket. We can help you collect debug logs from the appserver while the user attempts actions or to view items they shouldn't be able to.
Sorry we can't be of more help on the forum at the moment, but our support team will be able to help you more.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.