Restricted administrator accounts are used to delegate management of Web Filter, IPS, and Application Control profiles, and then install those objects to their assigned ADOM.
Restricted administrators cannot be used when workflow mode is enabled. See Workflow mode.
When a restricted administrators logs in to the FortiManager, they enter the Restricted Admin Mode. This mode consists of a simplified GUI where they can make changes to the profiles that they have access to, and then install those changes using the Install command in the toolbar, to their designated ADOM.
To create a restricted administrator:
- Create an administrator profile with the Type set to Restricted Admin and the required permissions selected. See Creating administrator profiles.
- Create a new administrator and select the restricted administrator profile for the Admin Profile, then select the specific ADOM and profiles that the administrator can manage. See Creating administrators