Fortinet white logo
Fortinet white logo

Administration Guide

Creating administrator profiles

Creating administrator profiles

To create a new administrator profile, you must be logged in to an account with sufficient privileges, or as a super user administrator.

To create a custom administrator profile:
  1. Go to System Settings > Admin Profiles.

  2. Click Create New in the toolbar. The New Profile pane is displayed.

  3. Configure the following settings:

    Profile Name

    Enter a name for this profile.

    Description

    Optionally, enter a description for this profile. While not a requirement, a description can help to know what the profiles is for, or the levels it is set to.

    Type

    Select the type of profile: System Admin, Restricted Admin, or ADOM Scoped Admin.

    The ADOM Scoped Admin profile limits administrators to managing administrators within their own ADOM. When ADOM Scoped Admin is selected, you must set the System Settings permission to None if the administrators should not have access to global settings.

    Permission

    Select which permissions to enable from Web Filter , Application Control, and Intrusion Prevention.

    This option is only available when Type is Restricted Admin. See Restricted administrators for information.

    Allow to Install

    Allows restricted administrators to install Web Filters, Intrusion Prevention, and Application Control profiles. See Installing profiles as a restricted administrator.

    Permissions

    Select None, Read Only, or Read-Write access for the categories as required.

    This option is only available when Type is System Admin.

    This option is not available when Type is Restricted.

    Privacy Masking

    Enable/disable privacy masking.

    This option is only available when FortiAnalyzer features are enabled.

    Masked Data Fields

    Select the fields to mask: Destination Name, Source IP, Destination IP, User, Source Name, Email, Message, and/or Source MAC.

    Data Mask Key

    Enter the data masking encryption key. You need the Data Mask Key to see the original data.

    Data Unmasked Time(0-365 Days)

    Enter the number of days the user assigned to this profile can see all logs without masking.

    The logs are masked if the time period in the Log View toolbar is greater than the number of days in the Data Masked Time field.

    Note
    • Only integers between 0-365 are supported.
    • Time frame masking does not apply to real time logs.
    • Time frame masking applies to custom view and drill-down data.
  4. Click OK to create the new administrator profile.

To apply a profile to an administrator:
  1. Go to System Settings > Administrators.

  2. Create a new administrator or edit an existing administrator. The Edit Administrator pane is displayed.

  3. From the Admin Profile list, select a profile.

    ADOM scoped admin profiles are only available when the Administrative Domain is Specify and the Admin Profile is Single.

Creating administrator profiles

Creating administrator profiles

To create a new administrator profile, you must be logged in to an account with sufficient privileges, or as a super user administrator.

To create a custom administrator profile:
  1. Go to System Settings > Admin Profiles.

  2. Click Create New in the toolbar. The New Profile pane is displayed.

  3. Configure the following settings:

    Profile Name

    Enter a name for this profile.

    Description

    Optionally, enter a description for this profile. While not a requirement, a description can help to know what the profiles is for, or the levels it is set to.

    Type

    Select the type of profile: System Admin, Restricted Admin, or ADOM Scoped Admin.

    The ADOM Scoped Admin profile limits administrators to managing administrators within their own ADOM. When ADOM Scoped Admin is selected, you must set the System Settings permission to None if the administrators should not have access to global settings.

    Permission

    Select which permissions to enable from Web Filter , Application Control, and Intrusion Prevention.

    This option is only available when Type is Restricted Admin. See Restricted administrators for information.

    Allow to Install

    Allows restricted administrators to install Web Filters, Intrusion Prevention, and Application Control profiles. See Installing profiles as a restricted administrator.

    Permissions

    Select None, Read Only, or Read-Write access for the categories as required.

    This option is only available when Type is System Admin.

    This option is not available when Type is Restricted.

    Privacy Masking

    Enable/disable privacy masking.

    This option is only available when FortiAnalyzer features are enabled.

    Masked Data Fields

    Select the fields to mask: Destination Name, Source IP, Destination IP, User, Source Name, Email, Message, and/or Source MAC.

    Data Mask Key

    Enter the data masking encryption key. You need the Data Mask Key to see the original data.

    Data Unmasked Time(0-365 Days)

    Enter the number of days the user assigned to this profile can see all logs without masking.

    The logs are masked if the time period in the Log View toolbar is greater than the number of days in the Data Masked Time field.

    Note
    • Only integers between 0-365 are supported.
    • Time frame masking does not apply to real time logs.
    • Time frame masking applies to custom view and drill-down data.
  4. Click OK to create the new administrator profile.

To apply a profile to an administrator:
  1. Go to System Settings > Administrators.

  2. Create a new administrator or edit an existing administrator. The Edit Administrator pane is displayed.

  3. From the Admin Profile list, select a profile.

    ADOM scoped admin profiles are only available when the Administrative Domain is Specify and the Admin Profile is Single.