Admin role permissions reference
The following tables list the permissions available when configuring an admin role. The tables also include a description of what the permission allows the user to do and a link to the relevant section in this guide.
Permissions that apply to Chromebook management are denoted with an asterisk (*).
Endpoint permissions
Permission |
Link to description |
---|---|
Manage LDAPs | Manage connections to LDAP servers to import users from. See Configuring user accounts. |
Manage Google domains* | Manage connections to Google domains to decide which Chromebooks to manage. See Google Domains. |
Manage custom groups | Create, rename, and edit groups to manage endpoints. See Managing a group. |
Run commands on endpoints | Perform actions to endpoints on the Endpoints pane, including uploading FortiClient logs, requesting diagnostic results, and so on. See Managing endpoints. |
Block/Unblock/Quarantine/Unquarantine/Reregister endpoints |
Manage endpoint access to the network through blocking, quarantine, and registration. See Managing endpoints. |
Manage and assign endpoint policies | |
View group assignment rules |
View group assignment rules. See Group assignment rules. |
Manage group assignment rules |
Create, delete, and edit group assignment rules. See Group assignment rules. |
View endpoint filter bookmarks |
View endpoint filter bookmarks. See Using bookmarks to filter the list of endpoints. |
Manage endpoint filter bookmarks |
Create, delete, and edit endpoint filter bookmarks. See Using bookmarks to filter the list of endpoints. |
View quarantine management |
View lists of quarantined and allowlisted files. See Quarantine Management. |
Manage quarantine management |
Allowlist and restore quarantined files and remove files from the allowlist. See Quarantine Management. |
View software inventory |
See Software Inventory. |
Manage software inventory |
See Software Inventory. |
Policy permissions
Permission |
Link to description |
---|---|
View endpoint policies* |
View endpoint policies. See Endpoint Policy & Components. |
View endpoint profiles* | View endpoint profiles. See Endpoint Profiles. |
Manage endpoint profiles* | Create, delete, and edit endpoint profiles. See Endpoint Profiles. |
View Zero Trust tagging rules |
View Zero Trust tagging rules. See Zero Trust Tagging Rules. |
Manage Zero Trust tagging rules |
Create, delete, and edit Zero Trust tagging rules. See Zero Trust Tagging Rules. |
View Zero Trust telemetry server lists | View Telemetry server lists. |
Manage Zero Trust telemetry server lists | Create, delete, and edit Telemetry server lists. |
View installers |
View installers. FortiClient Installer. |
Manage installers |
Create, delete, and edit installers. See FortiClient Installer. |
View CA certificates |
View CA certificates. See CA Certificates. |
Manage CA certificates |
Upload, import, and delete CA certificates. See CA Certificates. |
View on-fabric detection rules |
View on-fabric detection rules. See On-fabric Detection Rules. |
Manage on-fabric detection rules |
Create, delete, and edit on-fabric detection rules. See On-fabric Detection Rules. |
Setting permissions
Permission |
Link to description |
---|---|
View server settings* | View Server settings. See Configuring EMS settings |
Manage server settings* | Modify Server settings. See Configuring EMS settings. |
View Fortinet services settings | View FortiGuard Services settings. See Configuring FortiGuard Services settings. |
Manage Fortinet services settings | Modify FortiGuard Services settings. See Configuring FortiGuard Services settings. |
View endpoint settings |
View Endpoints settings. See Configuring EMS settings. |
Manage endpoint settings |
Modify Endpoints settings. See Configuring EMS settings. |
View login banner settings* |
View login banner settings. See Configuring EMS settings. |
Manage login banner settings* |
Modify login banner settings. See Configuring EMS settings. |
View alert settings* |
View Alerts settings. See Alerts. |
Manage alert settings* |
Modify Alerts settings. See Alerts. |
View custom message settings |
View endpoint quarantine message settings. See Customizing the endpoint quarantine message. |
Manage custom message settings |
Modify endpoint quarantine message settings. See Customizing the endpoint quarantine message. |
View feature select settings |
View feature select settings. See Feature Select. |
Manage feature select settings |
Modify feature select settings. See Feature Select. |