CLI Reference

config system accprofile

Configure access profiles for system administrators.

    config system accprofile
        Description: Configure access profiles for system administrators.
        edit <name>
            set scope [vdom|global]
            set comments {var-string}
            set secfabgrp [none|read|...]
            set ftviewgrp [none|read|...]
            set authgrp [none|read|...]
            set sysgrp [none|read|...]
            set netgrp [none|read|...]
            set loggrp [none|read|...]
            set fwgrp [none|read|...]
            set vpngrp [none|read|...]
            set utmgrp [none|read|...]
            set wifi [none|read|...]
            config netgrp-permission
                Description: Custom network permission.
                set cfg [none|read|...]
                set packet-capture [none|read|...]
                set route-cfg [none|read|...]
            end
            config sysgrp-permission
                Description: Custom system permission.
                set admin [none|read|...]
                set upd [none|read|...]
                set cfg [none|read|...]
                set mnt [none|read|...]
            end
            config fwgrp-permission
                Description: Custom firewall permission.
                set policy [none|read|...]
                set address [none|read|...]
                set service [none|read|...]
                set schedule [none|read|...]
                set others [none|read|...]
            end
            config loggrp-permission
                Description: Custom Log & Report permission.
                set config [none|read|...]
                set data-access [none|read|...]
                set report-access [none|read|...]
                set threat-weight [none|read|...]
            end
            config utmgrp-permission
                Description: Custom Security Profile permissions.
                set antivirus [none|read|...]
                set ips [none|read|...]
                set webfilter [none|read|...]
                set emailfilter [none|read|...]
                set data-loss-prevention [none|read|...]
                set file-filter [none|read|...]
                set application-control [none|read|...]
                set icap [none|read|...]
                set voip [none|read|...]
                set waf [none|read|...]
                set dnsfilter [none|read|...]
                set endpoint-control [none|read|...]
            end
            set admintimeout-override [enable|disable]
            set admintimeout {integer}
            set system-diagnostics [enable|disable]
        next
    end

config system accprofile

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| scope | Scope of admin access: global or specific VDOM(s). Options: vdom = VDOM access; global = Global access. | option | - | vdom |
| comments | Comment. | var-string | Maximum length: 255 | |
| secfabgrp | Security Fabric. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| ftviewgrp | FortiView. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| authgrp | Administrator access to Users and Devices. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| sysgrp | System Configuration. Options: none = No access; read = Read access; read-write = Read/write access; custom = Customized access. | option | - | none |
| netgrp | Network Configuration. Options: none = No access; read = Read access; read-write = Read/write access; custom = Customized access. | option | - | none |
| loggrp | Administrator access to Logging and Reporting including viewing log messages. Options: none = No access; read = Read access; read-write = Read/write access; custom = Customized access. | option | - | none |
| fwgrp | Administrator access to the Firewall configuration. Options: none = No access; read = Read access; read-write = Read/write access; custom = Customized access. | option | - | none |
| vpngrp | Administrator access to IPsec, SSL, PPTP, and L2TP VPN. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| utmgrp | Administrator access to Security Profiles. Options: none = No access; read = Read access; read-write = Read/write access; custom = Customized access. | option | - | none |
| wifi | Administrator access to the WiFi controller and Switch controller. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| admintimeout-override | Enable/disable overriding the global administrator idle timeout. Options: enable = Enable overriding the global administrator idle timeout; disable = Disable overriding the global administrator idle timeout. | option | - | disable |
| admintimeout | Administrator timeout for this access profile. | integer | Minimum value: 1 Maximum value: 480 | 10 |
| system-diagnostics | Enable/disable permission to run system diagnostic commands. Options: enable = Enable permission to run system diagnostic commands; disable = Disable permission to run system diagnostic commands. | option | - | enable |

config netgrp-permission

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| cfg | Network Configuration. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| packet-capture | Packet Capture Configuration. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| route-cfg | Router Configuration. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |

config sysgrp-permission

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| admin | Administrator Users. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| upd | FortiGuard Updates. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| cfg | System Configuration. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| mnt | Maintenance. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |

config fwgrp-permission

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| policy | Policy Configuration. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| address | Address Configuration. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| service | Service Configuration. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| schedule | Schedule Configuration. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| others | Other Firewall Configuration. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |

config loggrp-permission

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| config | Log & Report configuration. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| data-access | Log & Report Data Access. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| report-access | Log & Report Report Access. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| threat-weight | Log & Report Threat Weight. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |

config utmgrp-permission

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| antivirus | Antivirus profiles and settings. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| ips | IPS profiles and settings. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| webfilter | Web Filter profiles and settings. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| emailfilter | Email Filter and settings. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| data-loss-prevention | DLP profiles and settings. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| file-filter | File-filter profiles and settings. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| application-control | Application Control profiles and settings. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| icap | ICAP profiles and settings. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| voip | VoIP profiles and settings. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| waf | Web Application Firewall profiles and settings. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| dnsfilter | DNS Filter profiles and settings. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
| endpoint-control | FortiClient Profiles. Options: none = No access; read = Read access; read-write = Read/write access. | option | - | none |
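
The following is an added example, not part of Fortinet's reference: a Python audit of a `config system accprofile` block that fills in the defaults from the tables above (note that `system-diagnostics` defaults to `enable`) and flags risky effective settings. It assumes the input is `show system accprofile` output containing only this block; the function names, the sample profiles and the `max_timeout` limit are hypothetical.

```python
import shlex

# Defaults from the parameter tables above; `show` output omits settings left at default.
DEFAULTS = {"sysgrp": "none", "admintimeout-override": "disable",
            "admintimeout": "10", "system-diagnostics": "enable"}

SAMPLE = '''
config system accprofile
    edit "log-auditor"
        set loggrp custom
        config loggrp-permission
            set data-access read
        end
        set system-diagnostics disable
    next
    edit "helpdesk"
        set sysgrp custom
        config sysgrp-permission
            set admin read-write
        end
        set admintimeout-override enable
        set admintimeout 240
    next
end
'''  # constructed sample, not taken from a real device

def parse_accprofiles(text):
    """Return {profile: {setting: value}}; nested keys look like 'sysgrp-permission.admin'."""
    profiles, current, table, depth = {}, None, None, 0
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] == "config":
            depth += 1
            table = tok[1] if depth == 2 else None  # depth 2 = a *-permission table
        elif tok[0] == "end":
            depth, table = depth - 1, None
        elif tok[0] == "edit" and depth == 1:
            current = profiles.setdefault(tok[1], dict(DEFAULTS))
        elif tok[0] == "set" and current is not None:
            current[f"{table}.{tok[1]}" if table else tok[1]] = " ".join(tok[2:])
    return profiles

def audit(profiles, max_timeout=15):
    """Flag risky effective settings. Assumptions: max_timeout is a local policy
    limit, and group-level read-write covers the admin sub-permission."""
    findings = []
    for name, p in profiles.items():
        if p["system-diagnostics"] == "enable":
            findings.append((name, "system-diagnostics enabled"))
        if p["sysgrp"] == "read-write" or (p["sysgrp"] == "custom" and
                p.get("sysgrp-permission.admin") == "read-write"):
            findings.append((name, "read-write on administrator users"))
        if p["admintimeout-override"] == "enable" and int(p["admintimeout"]) > max_timeout:
            findings.append((name, f"admintimeout overridden to {p['admintimeout']}"))
    return findings

print(audit(parse_accprofiles(SAMPLE)))
```

The `helpdesk` profile never mentions `system-diagnostics`, yet it is flagged because the default applies; `log-auditor` passes only because it sets `disable` explicitly.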
