Permissions
The below table lists the default permissions for the predefined administrator profiles.
When Read-Write is selected, the user can view and make changes to the FortiManager system. When Read-Only is selected, the user can only view information. When None is selected, the user can neither view or make changes to the FortiManager system.
|
Setting |
Predefined Administrator Profile |
||||
|---|---|---|---|---|---|
|
Super User |
Standard User |
Restricted User |
Package User |
||
|
System Settings
|
Read-Write |
None |
None |
Read-Only |
|
|
Administrative Domain
|
Read-Write |
Read-Write |
None |
Read-Write |
|
|
FortiGuard Center
|
Read-Write |
None |
None |
Read-Only |
|
|
|
License Management
|
Read-Write |
None |
None |
Read-Only |
|
|
Firmware Management
|
Read-Write |
None |
None |
Read-Only |
|
|
Settings
|
Read-Write |
None |
None |
Read-Only |
|
Device Manager
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
|
|
Add/Delete/Edit Devices/Groups
|
Read-Write |
Read-Write |
None |
Read-Write |
|
|
Retrieve Configuration from Devices
|
Read-Write |
Read-Write |
Read-Only |
Read-Only |
|
|
Revert Configuration from Revision History
|
Read-Write |
Read-Write |
Read-Only |
Read-Only |
|
|
Delete Device Revision
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
|
Terminal Access
|
Read-Write |
Read-Write |
Read-Only |
Read-Only |
|
|
Manage Device Configurations
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
|
Provisioning Templates
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
|
SD-WAN
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
|
Script Access
|
Read-Write |
Read-Write |
None |
Read-Write |
|
Policy & Objects
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
|
|
Global Policy Packages & Objects
|
Read-Write |
Read-Write |
None |
Read-Write |
|
|
Assignment
|
Read-Write |
None |
None |
Read-Only |
|
|
Policy Packages & Objects
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
|
Policy Check
|
Read-Write |
Read-Write |
Read-Only |
Read-Only |
|
|
Edit Installation Targets
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
|
IPS Baseline Profile
|
Read-Write |
Read-Only |
Read-Only |
Read-Only |
|
Lock/Unlock ADOM
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
|
Lock/Unlock Device/Policy Package
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
|
Install Policy Package or Device Configuration
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
|
Import Policy Package
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
|
Interface Mapping
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
|
AP Manager
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
|
FortiClient Manager
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
|
FortiSwitch Manager
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
|
VPN Manager
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
|
Extension Access
|
Read-Write |
Read-Write |
None |
Read-Only |
|
|
FortiView
|
Read-Write |
Read-Write |
Read-Only |
Read-Only |
|
|
Log View/FortiView
|
Read-Write |
Read-Write |
Read-Only |
Read-Only |
|
|
Reports
|
Read-Write |
Read-Write |
Read-Only |
Read-Only |
|
|
FortiFabric
|
Read-Write |
Read-Write |
Read-Only |
Read-Only |
|
|
CLI only settings |
|||||
|
|
Read-Write |
Read-Write |
Read-Only |
Read |
|
|
|
Read-Write |
None |
None |
Read-Only |
|
|
The FortiView setting is only available when FortiAnalyzer features are disabled. The Log View/FortiView, FortiSOC, Create & Update Incidents, Triage Event, Reports, and Run Report settings are only available when FortiAnalyzer features are enabled. See FortiAnalyzer Features. |