Per-VDOM administrators can be created that can access only the management or traffic VDOM. These administrators must use either the prof_admin administrator profile, or a custom profile.
A per-VDOM administrator can only access the FortiGate through a network interface that is assigned to the same VDOM as the administrator. The interface must also be configured to allow management access. Per-VDOM administrators can also connect to the FortiGate using the console port.
An administrator who is assigned to multiple VDOMs must be created at the global level. When creating an administrator at the VDOM level, the super_admin administrator profile cannot be used.
To create a per-VDOM administrator in the GUI:
- On the FortiGate, connect to the management VDOM.
- Go to Global > System > Administrators and click Create New > Administrator.
- Fill in the required information, setting the Type as Local User.
- In the Virtual Domains field, add the VDOM that the administrator will be assigned to, and if necessary, remove the other VDOM from the list.
- Click OK.
To create a per-VDOM administrator using the CLI:
config system admin
    edit <admin_name>
        set vdom <VDOM_name>
        set password <password>
        set accprofile <admin_profile>
    next
end
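To review the result, a configuration backup can be checked for administrators that are not confined to a single VDOM. The script below is an added example, not Fortinet code; the sample configuration, the admin names and the noc_ro profile are constructed, and it assumes the backup uses the config/edit/set/next/end layout shown above.

```python
import shlex
# Constructed sample in FortiOS backup syntax; names and profiles are made up.
SAMPLE_CONFIG = """
config system admin
    edit "admin"
        set accprofile "super_admin"
        set vdom "root"
    next
    edit "vdomA-ops"
        set accprofile "prof_admin"
        set vdom "vdomA"
        config gui-dashboard
            edit 1
            next
        end
    next
    edit "noc"
        set accprofile "noc_ro"
        set vdom "root" "vdomA"
    next
end
"""

def parse_admins(text):
    """Return {name: {"accprofile": [str], "vdom": [str, ...]}} per admin entry."""
    admins, stack, current = {}, [], {}
    for raw in text.splitlines():
        try:
            tok = shlex.split(raw) or [""]
        except ValueError:  # half of a multi-line quoted value elsewhere in a backup
            continue
        # Only lines directly inside 'config system admin' count, not its sub-tables.
        in_table = bool(stack) and stack[-1] == "system admin"
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end" and stack:
            stack.pop()
        elif in_table and tok[0] == "edit":
            current = admins.setdefault(tok[1], {"accprofile": [], "vdom": []})
        elif in_table and tok[0] == "set" and tok[1] in current:
            current[tok[1]] = tok[2:]
    return admins

def audit(admins):
    """Return {name: [notes]}; an empty list means confined to one VDOM."""
    findings = {}
    for name, a in admins.items():
        notes = ["super_admin profile"] if a["accprofile"] == ["super_admin"] else []
        if len(a["vdom"]) > 1:
            notes.append("multiple VDOMs: " + ", ".join(a["vdom"]))
        findings[name] = notes
    return findings
```

Run `audit(parse_admins(open(path).read()))` on a backup file; any admin with a non-empty list is either a super_admin account or is assigned to more than one VDOM.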