Permissions
The below table lists the default permissions for the predefined administrator profiles.
When Read-Write is selected, the user can view and make changes to the FortiManager system. When Read-Only is selected, the user can only view information. When None is selected, the user can neither view or make changes to the FortiManager system.
The FortiView setting is only available in the GUI when FortiAnalyzer features are disabled. The Log View/FortiView, Incidents & Events, Create & Update Incidents, Triage Event, Reports, and Run Report settings are only available in the GUI when FortiAnalyzer features are enabled. See FortiAnalyzer Features. |
Setting |
Predefined Administrator Profile |
||||
---|---|---|---|---|---|
Super User |
Standard User |
Restricted User |
Package User |
||
System Settings
|
Read-Write |
None |
None |
Read-Only |
|
Administrative Domain
|
Read-Write |
Read-Write |
None |
Read-Write |
|
FortiGuard Center
|
Read-Write |
None |
None |
Read-Only |
|
|
License Management
|
Read-Write |
None |
None |
Read-Only |
|
Firmware Management
|
Read-Write |
None |
None |
Read-Only |
|
Settings
|
Read-Write |
None |
None |
Read-Only |
Device Manager
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
|
Add/Delete/Edit Devices/Groups
|
Read-Write |
Read-Write |
None |
Read-Write |
|
Retrieve Configuration from Devices
|
Read-Write |
Read-Write |
Read-Only |
Read-Only |
|
Revert Configuration from Revision History
|
Read-Write |
Read-Write |
Read-Only |
Read-Only |
|
Delete Device Revision
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
Terminal Access
|
Read-Write |
Read-Write |
Read-Only |
Read-Only |
|
Manage Device Configurations
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
Provisioning Templates
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
SD-WAN
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
Script Access
|
Read-Write |
Read-Write |
None |
Read-Write |
Policy & Objects
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
|
Global Policy Packages & Objects
|
Read-Write |
Read-Write |
None |
Read-Write |
|
Assignment
|
Read-Write |
None |
None |
Read-Only |
|
Policy Packages & Objects
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
Policy Check
|
Read-Write |
Read-Write |
Read-Only |
Read-Only |
|
Edit Installation Targets
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
Lock/Unlock ADOM
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
Lock/Unlock Device/Policy Package
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
Install Policy Package or Device Configuration
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
Import Policy Package
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
Interface Mapping
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
AP Manager
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
FortiSwitch Manager
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
Extender Manager
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
VPN Manager
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
Extension Access
|
Read-Write |
Read-Write |
None |
Read-Only |
|
FortiView
|
Read-Write |
Read-Write |
Read-Only |
Read-Only |
|
Log View/FortiView
|
Read-Write |
Read-Write |
Read-Only |
Read-Only |
|
Incidents & Events
|
Read-Write |
Read-Write |
Read-Only |
Read-Only |
|
Create & Update Incidents
|
Read-Write |
Read-Write |
None |
None |
|
Triage Event
|
Read-Write |
Read-Write |
None |
None |
|
Reports
|
Read-Write |
Read-Write |
Read-Only |
Read-Only |
|
Run Report
|
Read-Write |
Read-Write |
None |
None |
|
Fabric View
|
Read-Write |
Read-Write |
Read-Only |
Read-Only |
|
CLI only settings |
|||||
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
|
Read-Write |
Read-Write |
Read-Only |
Read |
|
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
|
Read-Write |
Read-Write |
Read-Only |
Read-Write |
|
|
Read-Write |
None |
None |
Read-Only |
|
ips-objects
|
Read-Write |
Read-Write |
Read |
Read-Write |