Fortinet white logo
Fortinet white logo

EMS Administration Guide

Admin roles

Admin roles

You can use admin roles to define the permissions each administrator account has in FortiClient EMS. You can use a default admin role in FortiClient EMS or create a new admin role to assign to an administrator account. Each admin role can include permissions from the following categories: endpoint, policy, and settings.

The following describes the default admin roles in FortiClient EMS. You cannot edit or delete these admin roles:

Name

Description

Super administrator

Most privileged admin role. Complete access to all FortiClient EMS permissions, including modification, user permissions, approval, discovery, and deployment. Only built-in role that has access to the Administration section of the GUI. Has access to all configured Windows and LDAP servers and users and authority to configure user privileges and permissions.

The default admin account is a super administrator. You cannot assign another admin role to the admin account.

Standard administrator

Includes all endpoint and policy permissions and read-only permissions to settings permissions.

Endpoint administrator

Includes all endpoint permissions and read-only permissions to policy and settings permissions.

Read-only administrator

Includes read-only permissions to endpoint, policy, and settings permissions.

Restricted administrator

No permissions enabled.

For admin roles that are not authorized for certain tasks or devices, EMS hides or disables the related menu items, items in content pages, and buttons.

Related Videos

sidebar video

Getting Started with EMS 7.0: Part 1

  • 2,921 views
  • 2 years ago

Admin roles

Admin roles

You can use admin roles to define the permissions each administrator account has in FortiClient EMS. You can use a default admin role in FortiClient EMS or create a new admin role to assign to an administrator account. Each admin role can include permissions from the following categories: endpoint, policy, and settings.

The following describes the default admin roles in FortiClient EMS. You cannot edit or delete these admin roles:

Name

Description

Super administrator

Most privileged admin role. Complete access to all FortiClient EMS permissions, including modification, user permissions, approval, discovery, and deployment. Only built-in role that has access to the Administration section of the GUI. Has access to all configured Windows and LDAP servers and users and authority to configure user privileges and permissions.

The default admin account is a super administrator. You cannot assign another admin role to the admin account.

Standard administrator

Includes all endpoint and policy permissions and read-only permissions to settings permissions.

Endpoint administrator

Includes all endpoint permissions and read-only permissions to policy and settings permissions.

Read-only administrator

Includes read-only permissions to endpoint, policy, and settings permissions.

Restricted administrator

No permissions enabled.

For admin roles that are not authorized for certain tasks or devices, EMS hides or disables the related menu items, items in content pages, and buttons.