Admin user attributes can be set in the admin profile and override the individual admin settings 7.0.3
Admin user attributes such as RPC permission or Trusted Hosts can now be set in the admin profile (CLI only) and override the individual admin settings.
To override user attributes from admin profiles:
- In 7.0.2 and earlier, RPC permission and Trusted Hosts attributes can only be set in the admin user settings.
In 7.0.3, you can configure RPC permission and Trusted Host settings in an admin profile.
- Go to the FortiAnalyzer CLI and enter the following commands:
config system admin profile
edit <profile name>
set rpc-permit {none | read | read-write}
set trusthost1 <ip & netmask>
end
- Configure the admin user to use the
from-profile
option for therpc-permit
and/ortrusthost
attributes.
Enter the following commands in the FortiAnalyzer CLI:config system admin user
edit <admin user>
set rpc-permit from-profile
set trusthost1 from-profile
end
- When checking the admin user, you can see that rpc-permit and trusthost settings are followed by (from profile), indicating that these attributes are from the profile.
- In the FortiAnalyzer GUI, go to System Settings > Admin > Administrators.
The settings for rpc-permit and trusthost are greyed out, meaning they can no longer be modified in the GUI.