Fortinet white logo
Fortinet white logo

CLI Reference

config system accprofile

config system accprofile

Configure access profiles for system administrators.

config system accprofile
    Description: Configure access profiles for system administrators.
    edit <name>
        set admintimeout {integer}
        set admintimeout-override [enable|disable]
        set authgrp [none|read|...]
        set comments {var-string}
        set ftviewgrp [none|read|...]
        set fwgrp [none|read|...]
        config fwgrp-permission
            Description: Custom firewall permission.
            set policy [none|read|...]
            set address [none|read|...]
            set service [none|read|...]
            set schedule [none|read|...]
        end
        set loggrp [none|read|...]
        config loggrp-permission
            Description: Custom Log & Report permission.
            set config [none|read|...]
            set data-access [none|read|...]
            set report-access [none|read|...]
            set threat-weight [none|read|...]
        end
        set netgrp [none|read|...]
        config netgrp-permission
            Description: Custom network permission.
            set cfg [none|read|...]
            set packet-capture [none|read|...]
            set route-cfg [none|read|...]
        end
        set scope [vdom|global]
        set secfabgrp [none|read|...]
        set sysgrp [none|read|...]
        config sysgrp-permission
            Description: Custom system permission.
            set admin [none|read|...]
            set upd [none|read|...]
            set cfg [none|read|...]
            set mnt [none|read|...]
        end
        set utmgrp [none|read|...]
        config utmgrp-permission
            Description: Custom Security Profile permissions.
            set antivirus [none|read|...]
            set ips [none|read|...]
            set webfilter [none|read|...]
            set emailfilter [none|read|...]
            set data-loss-prevention [none|read|...]
            set application-control [none|read|...]
            set icap [none|read|...]
            set voip [none|read|...]
            set waf [none|read|...]
            set dnsfilter [none|read|...]
            set endpoint-control [none|read|...]
        end
        set vpngrp [none|read|...]
        set wanoptgrp [none|read|...]
        set wifi [none|read|...]
    next
end

config system accprofile

Parameter

Description

Type

Size

admintimeout

Administrator timeout for this access profile.

integer

Minimum value: 1 Maximum value: 480

admintimeout-override

Enable/disable overriding the global administrator idle timeout.

option

-

Option

Description

enable

Enable overriding the global administrator idle timeout.

disable

Disable overriding the global administrator idle timeout.

authgrp

Administrator access to Users and Devices.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

comments

Comment.

var-string

Maximum length: 255

ftviewgrp

FortiView.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

fwgrp

Administrator access to the Firewall configuration.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

custom

Customized access.

loggrp

Administrator access to Logging and Reporting including viewing log messages.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

custom

Customized access.

name

Profile name.

string

Maximum length: 35

netgrp

Network Configuration.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

custom

Customized access.

scope

Scope of admin access: global or specific VDOM(s).

option

-

Option

Description

vdom

VDOM access.

global

Global access.

secfabgrp

Security Fabric.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

sysgrp

System Configuration.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

custom

Customized access.

utmgrp

Administrator access to Security Profiles.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

custom

Customized access.

vpngrp

Administrator access to IPsec, SSL, PPTP, and L2TP VPN.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

wanoptgrp *

Administrator access to WAN Opt & Cache.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

wifi

Administrator access to the WiFi controller and Switch controller.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

* This parameter may not exist in some models.

config fwgrp-permission

Parameter

Description

Type

Size

policy

Policy Configuration.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

address

Address Configuration.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

service

Service Configuration.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

schedule

Schedule Configuration.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

config loggrp-permission

Parameter

Description

Type

Size

config

Log & Report configuration.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

data-access

Log & Report Data Access.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

report-access

Log & Report Report Access.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

threat-weight

Log & Report Threat Weight.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

config netgrp-permission

Parameter

Description

Type

Size

cfg

Network Configuration.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

packet-capture

Packet Capture Configuration.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

route-cfg

Router Configuration.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

config sysgrp-permission

Parameter

Description

Type

Size

admin

Administrator Users.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

upd

FortiGuard Updates.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

cfg

System Configuration.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

mnt

Maintenance.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

config utmgrp-permission

Parameter

Description

Type

Size

antivirus

Antivirus profiles and settings.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

ips

IPS profiles and settings.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

webfilter

Web Filter profiles and settings.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

emailfilter

AntiSpam filter and settings.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

data-loss-prevention

DLP profiles and settings.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

application-control

Application Control profiles and settings.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

icap

ICAP profiles and settings.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

voip

VoIP profiles and settings.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

waf

Web Application Firewall profiles and settings.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

dnsfilter

DNS Filter profiles and settings.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

endpoint-control

FortiClient Profiles.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

config system accprofile

config system accprofile

Configure access profiles for system administrators.

config system accprofile
    Description: Configure access profiles for system administrators.
    edit <name>
        set admintimeout {integer}
        set admintimeout-override [enable|disable]
        set authgrp [none|read|...]
        set comments {var-string}
        set ftviewgrp [none|read|...]
        set fwgrp [none|read|...]
        config fwgrp-permission
            Description: Custom firewall permission.
            set policy [none|read|...]
            set address [none|read|...]
            set service [none|read|...]
            set schedule [none|read|...]
        end
        set loggrp [none|read|...]
        config loggrp-permission
            Description: Custom Log & Report permission.
            set config [none|read|...]
            set data-access [none|read|...]
            set report-access [none|read|...]
            set threat-weight [none|read|...]
        end
        set netgrp [none|read|...]
        config netgrp-permission
            Description: Custom network permission.
            set cfg [none|read|...]
            set packet-capture [none|read|...]
            set route-cfg [none|read|...]
        end
        set scope [vdom|global]
        set secfabgrp [none|read|...]
        set sysgrp [none|read|...]
        config sysgrp-permission
            Description: Custom system permission.
            set admin [none|read|...]
            set upd [none|read|...]
            set cfg [none|read|...]
            set mnt [none|read|...]
        end
        set utmgrp [none|read|...]
        config utmgrp-permission
            Description: Custom Security Profile permissions.
            set antivirus [none|read|...]
            set ips [none|read|...]
            set webfilter [none|read|...]
            set emailfilter [none|read|...]
            set data-loss-prevention [none|read|...]
            set application-control [none|read|...]
            set icap [none|read|...]
            set voip [none|read|...]
            set waf [none|read|...]
            set dnsfilter [none|read|...]
            set endpoint-control [none|read|...]
        end
        set vpngrp [none|read|...]
        set wanoptgrp [none|read|...]
        set wifi [none|read|...]
    next
end

config system accprofile

Parameter

Description

Type

Size

admintimeout

Administrator timeout for this access profile.

integer

Minimum value: 1 Maximum value: 480

admintimeout-override

Enable/disable overriding the global administrator idle timeout.

option

-

Option

Description

enable

Enable overriding the global administrator idle timeout.

disable

Disable overriding the global administrator idle timeout.

authgrp

Administrator access to Users and Devices.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

comments

Comment.

var-string

Maximum length: 255

ftviewgrp

FortiView.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

fwgrp

Administrator access to the Firewall configuration.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

custom

Customized access.

loggrp

Administrator access to Logging and Reporting including viewing log messages.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

custom

Customized access.

name

Profile name.

string

Maximum length: 35

netgrp

Network Configuration.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

custom

Customized access.

scope

Scope of admin access: global or specific VDOM(s).

option

-

Option

Description

vdom

VDOM access.

global

Global access.

secfabgrp

Security Fabric.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

sysgrp

System Configuration.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

custom

Customized access.

utmgrp

Administrator access to Security Profiles.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

custom

Customized access.

vpngrp

Administrator access to IPsec, SSL, PPTP, and L2TP VPN.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

wanoptgrp *

Administrator access to WAN Opt & Cache.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

wifi

Administrator access to the WiFi controller and Switch controller.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

* This parameter may not exist in some models.

config fwgrp-permission

Parameter

Description

Type

Size

policy

Policy Configuration.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

address

Address Configuration.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

service

Service Configuration.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

schedule

Schedule Configuration.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

config loggrp-permission

Parameter

Description

Type

Size

config

Log & Report configuration.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

data-access

Log & Report Data Access.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

report-access

Log & Report Report Access.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

threat-weight

Log & Report Threat Weight.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

config netgrp-permission

Parameter

Description

Type

Size

cfg

Network Configuration.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

packet-capture

Packet Capture Configuration.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

route-cfg

Router Configuration.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

config sysgrp-permission

Parameter

Description

Type

Size

admin

Administrator Users.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

upd

FortiGuard Updates.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

cfg

System Configuration.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

mnt

Maintenance.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

config utmgrp-permission

Parameter

Description

Type

Size

antivirus

Antivirus profiles and settings.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

ips

IPS profiles and settings.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

webfilter

Web Filter profiles and settings.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

emailfilter

AntiSpam filter and settings.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

data-loss-prevention

DLP profiles and settings.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

application-control

Application Control profiles and settings.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

icap

ICAP profiles and settings.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

voip

VoIP profiles and settings.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

waf

Web Application Firewall profiles and settings.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

dnsfilter

DNS Filter profiles and settings.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.

endpoint-control

FortiClient Profiles.

option

-

Option

Description

none

No access.

read

Read access.

read-write

Read/write access.