Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Override administrator attributes from profiles

FortiManager administrator accounts can be configured to use the RPC Permit (JSON API Access) and Trusted Hosts attributes that are defined by an administrator profile.

When an administrator has been configured to use the attributes from the profile, the attributes can no longer be changed by editing the administrator account.

This feature can only be configured from the FortiManager CLI.

For more information, see the FortiManager CLI Reference Guide on the Fortinet Document Library.

To use RPC Permit and Trusted Host administrator attributes from a profile:
  1. Go to System Settings > Admin > Administrators, and create or edit an admin user.
  2. In Admin Profile dropdown, select an administrator profile, and click OK.
  3. Configure the settings for the rpc-permit and/or trusthost1 attributes in the admin profile.
    Enter the following commands in the FortiManager CLI:

    config system admin profile

    edit <profile name>

    set rpc-permit {none | read | read-write}

    set trusthost1 <ip & netmask>

    end

  4. Configure the admin user to use the from-profile option for the rpc-permit and/or trusthost1 attributes.
    Enter the following commands in the FortiManager CLI:

    config system admin user

    edit <admin user>

    set rpc-permit from-profile

    set trusthost1 from-profile

    end

  5. In the FortiManager GUI, go to System Settings > Admin > Administrators and view the administrator account. The attributes that were configured to use the from-profile setting can no longer be edited and display the settings defined in the administrator profile.

Override administrator attributes from profiles

FortiManager administrator accounts can be configured to use the RPC Permit (JSON API Access) and Trusted Hosts attributes that are defined by an administrator profile.

When an administrator has been configured to use the attributes from the profile, the attributes can no longer be changed by editing the administrator account.

This feature can only be configured from the FortiManager CLI.

For more information, see the FortiManager CLI Reference Guide on the Fortinet Document Library.

To use RPC Permit and Trusted Host administrator attributes from a profile:
  1. Go to System Settings > Admin > Administrators, and create or edit an admin user.
  2. In Admin Profile dropdown, select an administrator profile, and click OK.
  3. Configure the settings for the rpc-permit and/or trusthost1 attributes in the admin profile.
    Enter the following commands in the FortiManager CLI:

    config system admin profile

    edit <profile name>

    set rpc-permit {none | read | read-write}

    set trusthost1 <ip & netmask>

    end

  4. Configure the admin user to use the from-profile option for the rpc-permit and/or trusthost1 attributes.
    Enter the following commands in the FortiManager CLI:

    config system admin user

    edit <admin user>

    set rpc-permit from-profile

    set trusthost1 from-profile

    end

  5. In the FortiManager GUI, go to System Settings > Admin > Administrators and view the administrator account. The attributes that were configured to use the from-profile setting can no longer be edited and display the settings defined in the administrator profile.