Fortinet white logo
Fortinet white logo

EMS Administration Guide

Admin role permissions reference

Admin role permissions reference

The following tables list the permissions available when configuring an admin role. The tables also include a description of what the permission allows the user to do and a link to the relevant section in this guide.

Permissions that apply to Chromebook management are denoted with an asterisk (*).

Endpoint permissions

Permission

Link to description

Manage LDAPs Manage connections to LDAP servers to import users from. See Configuring user accounts.
Manage Google domains* Manage connections to Google domains to decide which Chromebooks to manage. See Google Domains.
Manage custom groups Create, rename, and edit groups to manage endpoints. See Managing groups.
Run commands on endpoints Perform actions to endpoints on the Endpoints pane, including uploading FortiClient logs, requesting diagnostic results, and so on. See Managing endpoints.

Block/Unblock/Quarantine/Unquarantine/Reregister endpoints

Manage endpoint access to the network through blocking, quarantine, and registration. See Managing endpoints.

Manage and assign endpoint policies

See Endpoint Policy & Components.

View group assignment rules

View group assignment rules. See Group assignment rules.

Manage group assignment rules

Create, delete, and edit group assignment rules. See Group assignment rules.

View endpoint filter bookmarks

View endpoint filter bookmarks. See Using bookmarks to filter the list of endpoints.

Manage endpoint filter bookmarks

Create, delete, and edit endpoint filter bookmarks. See Using bookmarks to filter the list of endpoints.

View quarantine management

View lists of quarantined and allowlisted files. See Quarantine Management.

Manage quarantine management

Allowlist and restore quarantined files and remove files from the allowlist. See Quarantine Management.

View software inventory

See Software Inventory.

Manage software inventory

See Software Inventory.

Policy permissions

Permission

Link to description

View endpoint policies*

View endpoint policies. See Endpoint Policy & Components.

View endpoint profiles* View endpoint profiles. See Endpoint Profiles.
Manage endpoint profiles* Create, delete, and edit endpoint profiles. See Endpoint Profiles.

View Zero Trust tagging rules

View Zero Trust tagging rules. See Zero Trust Tagging Rules.

Manage Zero Trust tagging rules

Create, delete, and edit Zero Trust tagging rules. See Zero Trust Tagging Rules.

View Zero Trust telemetry server lists View Telemetry server lists.
Manage Zero Trust telemetry server lists Create, delete, and edit Telemetry server lists.

View installers

View installers. FortiClient Installer.

Manage installers

Create, delete, and edit installers. See FortiClient Installer.

View CA certificates

View CA certificates. See CA Certificates.

Manage CA certificates

Upload, import, and delete CA certificates. See CA Certificates.

View on-fabric detection rules

View on-fabric detection rules. See On-fabric Detection Rules.

Manage on-fabric detection rules

Create, delete, and edit on-fabric detection rules. See On-fabric Detection Rules.

Setting permissions

Permission

Link to description

View server settings* View Server settings. See Configuring EMS settings
Manage server settings* Modify Server settings. See Configuring EMS settings.
View Fortinet services settings View FortiGuard Services settings. See Configuring FortiGuard Services settings.
Manage Fortinet services settings Modify FortiGuard Services settings. See Configuring FortiGuard Services settings.

View endpoint settings

View Endpoints settings. See Configuring EMS settings.

Manage endpoint settings

Modify Endpoints settings. See Configuring EMS settings.

View login banner settings*

View login banner settings. See Configuring EMS settings.

Manage login banner settings*

Modify login banner settings. See Configuring EMS settings.

View alert settings*

View Alerts settings. See Alerts.

Manage alert settings*

Modify Alerts settings. See Alerts.

View custom message settings

View endpoint quarantine message settings. See Customizing the endpoint quarantine message.

Manage custom message settings

Modify endpoint quarantine message settings. See Customizing the endpoint quarantine message.

View feature select settings

View feature select settings. See Feature Select.

Manage feature select settings

Modify feature select settings. See Feature Select.

Admin role permissions reference

Admin role permissions reference

The following tables list the permissions available when configuring an admin role. The tables also include a description of what the permission allows the user to do and a link to the relevant section in this guide.

Permissions that apply to Chromebook management are denoted with an asterisk (*).

Endpoint permissions

Permission

Link to description

Manage LDAPs Manage connections to LDAP servers to import users from. See Configuring user accounts.
Manage Google domains* Manage connections to Google domains to decide which Chromebooks to manage. See Google Domains.
Manage custom groups Create, rename, and edit groups to manage endpoints. See Managing groups.
Run commands on endpoints Perform actions to endpoints on the Endpoints pane, including uploading FortiClient logs, requesting diagnostic results, and so on. See Managing endpoints.

Block/Unblock/Quarantine/Unquarantine/Reregister endpoints

Manage endpoint access to the network through blocking, quarantine, and registration. See Managing endpoints.

Manage and assign endpoint policies

See Endpoint Policy & Components.

View group assignment rules

View group assignment rules. See Group assignment rules.

Manage group assignment rules

Create, delete, and edit group assignment rules. See Group assignment rules.

View endpoint filter bookmarks

View endpoint filter bookmarks. See Using bookmarks to filter the list of endpoints.

Manage endpoint filter bookmarks

Create, delete, and edit endpoint filter bookmarks. See Using bookmarks to filter the list of endpoints.

View quarantine management

View lists of quarantined and allowlisted files. See Quarantine Management.

Manage quarantine management

Allowlist and restore quarantined files and remove files from the allowlist. See Quarantine Management.

View software inventory

See Software Inventory.

Manage software inventory

See Software Inventory.

Policy permissions

Permission

Link to description

View endpoint policies*

View endpoint policies. See Endpoint Policy & Components.

View endpoint profiles* View endpoint profiles. See Endpoint Profiles.
Manage endpoint profiles* Create, delete, and edit endpoint profiles. See Endpoint Profiles.

View Zero Trust tagging rules

View Zero Trust tagging rules. See Zero Trust Tagging Rules.

Manage Zero Trust tagging rules

Create, delete, and edit Zero Trust tagging rules. See Zero Trust Tagging Rules.

View Zero Trust telemetry server lists View Telemetry server lists.
Manage Zero Trust telemetry server lists Create, delete, and edit Telemetry server lists.

View installers

View installers. FortiClient Installer.

Manage installers

Create, delete, and edit installers. See FortiClient Installer.

View CA certificates

View CA certificates. See CA Certificates.

Manage CA certificates

Upload, import, and delete CA certificates. See CA Certificates.

View on-fabric detection rules

View on-fabric detection rules. See On-fabric Detection Rules.

Manage on-fabric detection rules

Create, delete, and edit on-fabric detection rules. See On-fabric Detection Rules.

Setting permissions

Permission

Link to description

View server settings* View Server settings. See Configuring EMS settings
Manage server settings* Modify Server settings. See Configuring EMS settings.
View Fortinet services settings View FortiGuard Services settings. See Configuring FortiGuard Services settings.
Manage Fortinet services settings Modify FortiGuard Services settings. See Configuring FortiGuard Services settings.

View endpoint settings

View Endpoints settings. See Configuring EMS settings.

Manage endpoint settings

Modify Endpoints settings. See Configuring EMS settings.

View login banner settings*

View login banner settings. See Configuring EMS settings.

Manage login banner settings*

Modify login banner settings. See Configuring EMS settings.

View alert settings*

View Alerts settings. See Alerts.

Manage alert settings*

Modify Alerts settings. See Alerts.

View custom message settings

View endpoint quarantine message settings. See Customizing the endpoint quarantine message.

Manage custom message settings

Modify endpoint quarantine message settings. See Customizing the endpoint quarantine message.

View feature select settings

View feature select settings. See Feature Select.

Manage feature select settings

Modify feature select settings. See Feature Select.