Fortinet white logo
Fortinet white logo

Admin Profiles

Admin Profiles

Administrator profiles are used to control administrator access privileges to system features. Profiles are assigned to administrator accounts when an administrator is created.

There are two predefined administrator profiles, which cannot be modified or deleted:

  • Super Admin: All functionality is accessible
  • Read only: Functionality is Read Only

Only the Super Admin user can create, edit, and delete administrator profiles. New users can create, edit, and delete administrator profiles if they are assigned the Read Write privilege in System > Admin Profiles page.

Settings for Menu Access:

None

The user cannot view or make changes to the system.

Read only

The user can view but not make any change to the system, except the session related user settings such as Table Customization/Dashboard/Attack Map filter

Read Write

The user can view and make changes to the system.

Settings for CLI Commands:

Execute

User can execute the CLI command.

None

User cannot execute the CLI command.

To create a new Administrator Profile:
  1. Go to System > Admin Profiles.
  2. Click Create New.
  3. Specify the Profile Name.
  4. Add a Comment.
  5. Specify the privileges for the Menu Access. Select None or Read Write for the following features:
    • Dashboard
      • Dashboard
    • Deception
      • Deception OS
      • Deployment Network
      • Deployment Wizard
      • Decoy & Lure Status
      • Decoy Map
      • Whitelist
    • Incident
      • Analysis
      • Campaign
      • Attack Map
    • Fabric
      • FortiGate Integration
      • Quarantine Status
      • IOC Export
    • Network
      • Interfaces
      • System DNS
      • System Routing
    • System
      • Administrators
      • Admin Profiles
      • Certificates
      • LDAP Servers
      • RADIUS Servers
      • Mail Server
      • SNMP
      • FortiGuard
      • Settings
      • Login Disclaimer
      • System Settings
      • Table Customization
      • test-network
      • fdn-pkg
    • Log
      • All Events
      • Log Servers
  6. Specify the privileges for the CLI Commands. Select None or Read Write for the following features:
    • Configuration
      • Set
      • Unset
    • System
      • Reboot
      • Shutdown
      • Reset Configuration
      • Factory Reset
      • Firmware Upgrade
      • Reset Widgets
      • IP Tables
      • test-network

      • usg-license

      • Upload VM Firmware License

      • Resize VM Hard Disk

      • Set Confirm ID for Windows VM
      • List VM License
      • Show VM Status
      • VM reset
      • DC Image Status

      • Set Maintainer
      • Set Timeout for Remote Auth
      • Data Purge

      • Log Purge
      • DMZ Mode

      • fdn-pkg

    • Utilities
      • TCP Dump
      • Trace Route
    • Diagnostics
      • Disk Attributes
      • Disk Errors
      • Disk Health
      • Disk Info
      • Raid Hardware Info
  7. Click Save.

Admin Profiles

Admin Profiles

Administrator profiles are used to control administrator access privileges to system features. Profiles are assigned to administrator accounts when an administrator is created.

There are two predefined administrator profiles, which cannot be modified or deleted:

  • Super Admin: All functionality is accessible
  • Read only: Functionality is Read Only

Only the Super Admin user can create, edit, and delete administrator profiles. New users can create, edit, and delete administrator profiles if they are assigned the Read Write privilege in System > Admin Profiles page.

Settings for Menu Access:

None

The user cannot view or make changes to the system.

Read only

The user can view but not make any change to the system, except the session related user settings such as Table Customization/Dashboard/Attack Map filter

Read Write

The user can view and make changes to the system.

Settings for CLI Commands:

Execute

User can execute the CLI command.

None

User cannot execute the CLI command.

To create a new Administrator Profile:
  1. Go to System > Admin Profiles.
  2. Click Create New.
  3. Specify the Profile Name.
  4. Add a Comment.
  5. Specify the privileges for the Menu Access. Select None or Read Write for the following features:
    • Dashboard
      • Dashboard
    • Deception
      • Deception OS
      • Deployment Network
      • Deployment Wizard
      • Decoy & Lure Status
      • Decoy Map
      • Whitelist
    • Incident
      • Analysis
      • Campaign
      • Attack Map
    • Fabric
      • FortiGate Integration
      • Quarantine Status
      • IOC Export
    • Network
      • Interfaces
      • System DNS
      • System Routing
    • System
      • Administrators
      • Admin Profiles
      • Certificates
      • LDAP Servers
      • RADIUS Servers
      • Mail Server
      • SNMP
      • FortiGuard
      • Settings
      • Login Disclaimer
      • System Settings
      • Table Customization
      • test-network
      • fdn-pkg
    • Log
      • All Events
      • Log Servers
  6. Specify the privileges for the CLI Commands. Select None or Read Write for the following features:
    • Configuration
      • Set
      • Unset
    • System
      • Reboot
      • Shutdown
      • Reset Configuration
      • Factory Reset
      • Firmware Upgrade
      • Reset Widgets
      • IP Tables
      • test-network

      • usg-license

      • Upload VM Firmware License

      • Resize VM Hard Disk

      • Set Confirm ID for Windows VM
      • List VM License
      • Show VM Status
      • VM reset
      • DC Image Status

      • Set Maintainer
      • Set Timeout for Remote Auth
      • Data Purge

      • Log Purge
      • DMZ Mode

      • fdn-pkg

    • Utilities
      • TCP Dump
      • Trace Route
    • Diagnostics
      • Disk Attributes
      • Disk Errors
      • Disk Health
      • Disk Info
      • Raid Hardware Info
  7. Click Save.