Fortinet white logo
Fortinet white logo

Administration Guide

Permissions

Permissions

The below table lists the default permissions for the predefined administrator profiles.

When Read-Write is selected, the user can view and make changes to the FortiManager system. When Read-Only is selected, the user can only view information. When None is selected, the user can neither view or make changes to the FortiManager system.

The FortiView setting is only available in the GUI when FortiAnalyzer features are disabled.

The Log View/FortiView, Incidents & Events, Create & Update Incidents, Triage Event, Reports, and Run Report settings are only available in the GUI when FortiAnalyzer features are enabled. See FortiAnalyzer Features.

Setting

Predefined Administrator Profile

Super User

Standard User

Restricted User

Package User

System Settings

system-setting

Read-Write

None

None

Read-Only

Administrative Domain

adom-switch

Read-Write

Read-Write

None

Read-Write

FortiGuard Center

fgd_center

Read-Write

None

None

Read-Only

License Management

fgd-center-licensing

Read-Write

None

None

Read-Only

Firmware Management

fgd-center-fmw-mgmt

Read-Write

None

None

Read-Only

Settings

fgd-center-advanced

Read-Write

None

None

Read-Only

Device Manager

device-manager

Read-Write

Read-Write

Read-Only

Read-Write

Add/Delete/Edit Devices/Groups

device-op

Read-Write

Read-Write

None

Read-Write

Retrieve Configuration from Devices

config-retrieve

Read-Write

Read-Write

Read-Only

Read-Only

Revert Configuration from Revision History

config-revert

Read-Write

Read-Write

Read-Only

Read-Only

Delete Device Revision

device-revision-deletion

Read-Write

Read-Write

Read-Only

Read-Write

Terminal Access

term-access

Read-Write

Read-Write

Read-Only

Read-Only

Manage Device Configurations

device-config

Read-Write

Read-Write

Read-Only

Read-Write

Provisioning Templates

device-profile

Read-Write

Read-Write

Read-Only

Read-Write

SD-WAN

device-wan-link-load-balance

Read-Write

Read-Write

Read-Only

Read-Write

Script Access

script-access

Read-Write

Read-Write

None

Read-Write

Policy & Objects

policy-objects

Read-Write

Read-Write

Read-Only

Read-Write

Global Policy Packages & Objects

global-policy-packages

Read-Write

Read-Write

None

Read-Write

Assignment

assignment

Read-Write

None

None

Read-Only

Policy Packages & Objects

adom-policy-packages

Read-Write

Read-Write

Read-Only

Read-Write

Policy Check

consistency-check

Read-Write

Read-Write

Read-Only

Read-Only

Edit Installation Targets

set-install-targets

Read-Write

Read-Write

Read-Only

Read-Write

Lock/Unlock ADOM

adom-lock

Read-Write

Read-Write

Read-Only

Read-Write

Lock/Unlock Device/Policy Package

device-policy-package-lock

Read-Write

Read-Write

Read-Only

Read-Write

Install Policy Package or Device Configuration

deploy-management

Read-Write

Read-Write

Read-Only

Read-Write

Import Policy Package

import-policy-packages

Read-Write

Read-Write

Read-Only

Read-Write

Interface Mapping

intf-mapping

Read-Write

Read-Write

Read-Only

Read-Write

AP Manager

device-ap

Read-Write

Read-Write

Read-Only

Read-Write

FortiSwitch Manager

device-fortiswitch

Read-Write

Read-Write

Read-Only

Read-Write

Extender Manager

device-fortiextender

Read-Write

Read-Write

Read-Only

Read-Write

VPN Manager

vpn-manager

Read-Write

Read-Write

Read-Only

Read-Write

Extension Access

extension-access

Read-Write

Read-Write

None

Read-Only

FortiView

log-viewer

Read-Write

Read-Write

Read-Only

Read-Only

Log View/FortiView

log-viewer

Read-Write

Read-Write

Read-Only

Read-Only

Incidents & Events

event-management

Read-Write

Read-Write

Read-Only

Read-Only

Create & Update Incidents

update-incidents

Read-Write

Read-Write

None

None

Triage Event

triage-events

Read-Write

Read-Write

None

None

Reports

report-viewer

Read-Write

Read-Write

Read-Only

Read-Only

Run Report

run-report

Read-Write

Read-Write

None

None

Fabric View

fabric-viewer

Read-Write

Read-Write

Read-Only

Read-Only

CLI only settings

device-forticlient

Read-Write

Read-Write

Read-Only

Read-Write

realtime-monitor

Read-Write

Read-Write

Read-Only

Read

adom-lock

Read-Write

Read-Write

Read-Only

Read-Write

device-policy-package-lock

Read-Write

Read-Write

Read-Only

Read-Write

read-passwd

Read-Write

None

None

Read-Only

ips-objects

Read-Write

Read-Write

Read

Read-Write

Permissions

Permissions

The below table lists the default permissions for the predefined administrator profiles.

When Read-Write is selected, the user can view and make changes to the FortiManager system. When Read-Only is selected, the user can only view information. When None is selected, the user can neither view or make changes to the FortiManager system.

The FortiView setting is only available in the GUI when FortiAnalyzer features are disabled.

The Log View/FortiView, Incidents & Events, Create & Update Incidents, Triage Event, Reports, and Run Report settings are only available in the GUI when FortiAnalyzer features are enabled. See FortiAnalyzer Features.

Setting

Predefined Administrator Profile

Super User

Standard User

Restricted User

Package User

System Settings

system-setting

Read-Write

None

None

Read-Only

Administrative Domain

adom-switch

Read-Write

Read-Write

None

Read-Write

FortiGuard Center

fgd_center

Read-Write

None

None

Read-Only

License Management

fgd-center-licensing

Read-Write

None

None

Read-Only

Firmware Management

fgd-center-fmw-mgmt

Read-Write

None

None

Read-Only

Settings

fgd-center-advanced

Read-Write

None

None

Read-Only

Device Manager

device-manager

Read-Write

Read-Write

Read-Only

Read-Write

Add/Delete/Edit Devices/Groups

device-op

Read-Write

Read-Write

None

Read-Write

Retrieve Configuration from Devices

config-retrieve

Read-Write

Read-Write

Read-Only

Read-Only

Revert Configuration from Revision History

config-revert

Read-Write

Read-Write

Read-Only

Read-Only

Delete Device Revision

device-revision-deletion

Read-Write

Read-Write

Read-Only

Read-Write

Terminal Access

term-access

Read-Write

Read-Write

Read-Only

Read-Only

Manage Device Configurations

device-config

Read-Write

Read-Write

Read-Only

Read-Write

Provisioning Templates

device-profile

Read-Write

Read-Write

Read-Only

Read-Write

SD-WAN

device-wan-link-load-balance

Read-Write

Read-Write

Read-Only

Read-Write

Script Access

script-access

Read-Write

Read-Write

None

Read-Write

Policy & Objects

policy-objects

Read-Write

Read-Write

Read-Only

Read-Write

Global Policy Packages & Objects

global-policy-packages

Read-Write

Read-Write

None

Read-Write

Assignment

assignment

Read-Write

None

None

Read-Only

Policy Packages & Objects

adom-policy-packages

Read-Write

Read-Write

Read-Only

Read-Write

Policy Check

consistency-check

Read-Write

Read-Write

Read-Only

Read-Only

Edit Installation Targets

set-install-targets

Read-Write

Read-Write

Read-Only

Read-Write

Lock/Unlock ADOM

adom-lock

Read-Write

Read-Write

Read-Only

Read-Write

Lock/Unlock Device/Policy Package

device-policy-package-lock

Read-Write

Read-Write

Read-Only

Read-Write

Install Policy Package or Device Configuration

deploy-management

Read-Write

Read-Write

Read-Only

Read-Write

Import Policy Package

import-policy-packages

Read-Write

Read-Write

Read-Only

Read-Write

Interface Mapping

intf-mapping

Read-Write

Read-Write

Read-Only

Read-Write

AP Manager

device-ap

Read-Write

Read-Write

Read-Only

Read-Write

FortiSwitch Manager

device-fortiswitch

Read-Write

Read-Write

Read-Only

Read-Write

Extender Manager

device-fortiextender

Read-Write

Read-Write

Read-Only

Read-Write

VPN Manager

vpn-manager

Read-Write

Read-Write

Read-Only

Read-Write

Extension Access

extension-access

Read-Write

Read-Write

None

Read-Only

FortiView

log-viewer

Read-Write

Read-Write

Read-Only

Read-Only

Log View/FortiView

log-viewer

Read-Write

Read-Write

Read-Only

Read-Only

Incidents & Events

event-management

Read-Write

Read-Write

Read-Only

Read-Only

Create & Update Incidents

update-incidents

Read-Write

Read-Write

None

None

Triage Event

triage-events

Read-Write

Read-Write

None

None

Reports

report-viewer

Read-Write

Read-Write

Read-Only

Read-Only

Run Report

run-report

Read-Write

Read-Write

None

None

Fabric View

fabric-viewer

Read-Write

Read-Write

Read-Only

Read-Only

CLI only settings

device-forticlient

Read-Write

Read-Write

Read-Only

Read-Write

realtime-monitor

Read-Write

Read-Write

Read-Only

Read

adom-lock

Read-Write

Read-Write

Read-Only

Read-Write

device-policy-package-lock

Read-Write

Read-Write

Read-Only

Read-Write

read-passwd

Read-Write

None

None

Read-Only

ips-objects

Read-Write

Read-Write

Read

Read-Write