Fortinet black logo

Administration Guide

Admin Profiles

Copy Link
Copy Doc ID 63cab9f6-5858-11ec-bdf2-fa163e15d75b:86832
Download PDF

Admin Profiles

Use administrator profiles to control administrator access privileges to system features. When you create an administrator account, you assign a profile to the account.

You cannot modify or delete the following predefined administrator profiles:

  • Super Admin has access to all functionality.
  • Read only has read-only access.

Only users with the Super Admin profile can create, edit, and delete administrator profiles. Users can create, edit, and delete administrator profiles if they have Read Write privilege in their profile.

The Menu Access section has the following settings:

None

User cannot view or make changes to that page.

Read Only

User can view but not make any change to that page, except session-related user settings such as Table Customization, Dashboard, or Attack Map filter.

Read Write

User can view and make changes to that page.

The CLI Commands section has the following settings:

None

User cannot execute CLI commands.

Execute

User can execute CLI commands.

To create an Administrator Profile:
  1. Go to System > Admin Profiles.
  2. Click Create New.
  3. Specify the Profile Name.
  4. If you wish, add a Comment.
  5. Specify the privileges for Menu Access:
    • Dashboard
      • Dashboard
    • Central Management
      • Appliance
    • Deception
      • Customization
      • Deception OS
      • Deployment Network
      • Deployment Wizard
      • Decoy & Lure Status
      • Deployment Map
      • Safe List
    • Incident
      • Analysis
      • Campaign
      • Attack Map
    • Fabric
      • Integration Devices
      • Quarantine Status
      • IOC Export
    • Network
      • Interfaces
      • System DNS
      • System Routing
    • System
      • Administrators
      • Admin Profiles
      • Certificates
      • LDAP Servers
      • RADIUS Servers
      • Mail Server
      • SNMP
      • FortiGuard
      • Settings
      • Login Disclaimer
      • System Settings
      • Table Customization
    • Log
      • All Events
      • Log Servers
  6. Specify the privileges for CLI Commands:
    • Configuration
      • Set
      • Unset
    • System
      • Reboot
      • Shutdown
      • Reset Configuration
      • Factory Reset
      • Firmware Upgrade
      • Reset Widgets
      • IP Tables
      • test-network
      • usg-license
      • Set Confirm ID for Windows VM
      • List VM License
      • Show VM Status
      • VM reset
      • DC Image Status
      • Set Maintainer
      • Set Timeout for Remote Auth
      • Data Purge
      • Log Purge
      • DMZ Mode
      • FDN Package Information
      • Fabric Binding
      • Central Management Settings
    • Utilities
      • TCP Dump
      • Trace Route
    • Diagnostics
      • Disk Attributes
      • Disk Errors
      • Disk Health
      • Disk Info
      • Raid Hardware Info
      • Hardware Info
  7. Click Save.

Admin Profiles

Use administrator profiles to control administrator access privileges to system features. When you create an administrator account, you assign a profile to the account.

You cannot modify or delete the following predefined administrator profiles:

  • Super Admin has access to all functionality.
  • Read only has read-only access.

Only users with the Super Admin profile can create, edit, and delete administrator profiles. Users can create, edit, and delete administrator profiles if they have Read Write privilege in their profile.

The Menu Access section has the following settings:

None

User cannot view or make changes to that page.

Read Only

User can view but not make any change to that page, except session-related user settings such as Table Customization, Dashboard, or Attack Map filter.

Read Write

User can view and make changes to that page.

The CLI Commands section has the following settings:

None

User cannot execute CLI commands.

Execute

User can execute CLI commands.

To create an Administrator Profile:
  1. Go to System > Admin Profiles.
  2. Click Create New.
  3. Specify the Profile Name.
  4. If you wish, add a Comment.
  5. Specify the privileges for Menu Access:
    • Dashboard
      • Dashboard
    • Central Management
      • Appliance
    • Deception
      • Customization
      • Deception OS
      • Deployment Network
      • Deployment Wizard
      • Decoy & Lure Status
      • Deployment Map
      • Safe List
    • Incident
      • Analysis
      • Campaign
      • Attack Map
    • Fabric
      • Integration Devices
      • Quarantine Status
      • IOC Export
    • Network
      • Interfaces
      • System DNS
      • System Routing
    • System
      • Administrators
      • Admin Profiles
      • Certificates
      • LDAP Servers
      • RADIUS Servers
      • Mail Server
      • SNMP
      • FortiGuard
      • Settings
      • Login Disclaimer
      • System Settings
      • Table Customization
    • Log
      • All Events
      • Log Servers
  6. Specify the privileges for CLI Commands:
    • Configuration
      • Set
      • Unset
    • System
      • Reboot
      • Shutdown
      • Reset Configuration
      • Factory Reset
      • Firmware Upgrade
      • Reset Widgets
      • IP Tables
      • test-network
      • usg-license
      • Set Confirm ID for Windows VM
      • List VM License
      • Show VM Status
      • VM reset
      • DC Image Status
      • Set Maintainer
      • Set Timeout for Remote Auth
      • Data Purge
      • Log Purge
      • DMZ Mode
      • FDN Package Information
      • Fabric Binding
      • Central Management Settings
    • Utilities
      • TCP Dump
      • Trace Route
    • Diagnostics
      • Disk Attributes
      • Disk Errors
      • Disk Health
      • Disk Info
      • Raid Hardware Info
      • Hardware Info
  7. Click Save.