Restricted administrators
Restricted administrator accounts are used to delegate management of Web Filter, IPS, and Application Control profiles, and then install those objects to their assigned ADOM.
Restricted administrators cannot be used when workflow mode is enabled. See Workflow mode. |
When a restricted administrators logs in to the FortiManager, they enter the Restricted Admin Mode. This mode consists of a simplified GUI where they can make changes to the profiles that they have access to, and then install those changes using the Install command in the toolbar, to their designated ADOM.
To create a restricted administrator:
- Create an administrator profile with the Type set to Restricted Admin and the required permissions selected. See Creating administrator profiles.
- Create a new administrator and select the restricted administrator profile for the Admin Profile, then select the specific ADOMs and profiles that the administrator can manage. See Creating administrators
Starting in FortiManager 7.0.3, you can select multiple ADOMs with restricted administrator profiles when creating or editing an administrator account. |
Restricted administrators can create new custom signatures for Intrusion Prevention and Application Control. See Intrusion prevention restricted administrator and Application control restricted administrator. |