Fortinet black logo

Administration Guide

Admin profiles and permissions

Copy Link
Copy Doc ID 825689eb-200d-11e9-b6f6-f8bc1258b856:549831
Download PDF

Admin profiles and permissions

Admin profiles are templates assigned to administrative users to define what a user can do in FortiNAC. Every administrative user is required to have an admin profile. An admin profile can be assigned to more than one Administrative User.

Each admin profile contains a list of permissions that are inherited by the associated Administrative Users. Permissions configured in Admin Profiles control the views in FortiNAC that can be accessed. If permission for access is given, in most cases, the Administrative User can Add/Modify and Delete data.

Note

If an Admin Profile that is in use is changed, the changes do not take effect until the associated Administrative Users log out of FortiNAC and log in again.

Custom setting

For special functions such as Guest Manager or Device Profiler there are Advanced permissions. Advanced permissions control items such as the Guest Account templates that can be used by someone with permission for Guest/Contractor Accounts.

Landing page

Admin Profiles also designate the first screen or landing page displayed when the Administrative User logs into FortiNAC, days and times that users can log in and the number of minutes of inactivity that trigger an automatic logout. Due to the complexity of the permissions structure, it is recommended that you define the job functions of your Administrative Users to ensure that you have considered the permissions required for each Admin Profile.

Profile mapping

Admin Profiles can be mapped to Groups to automatically assign a profile to Administrative Users as they are added to selected groups. Note that if Admin Profile Mapping is configured, moving an Administrative User to a group that is mapped changes their profile to the profile for the group. See Mappings process for additional information.

Administrator profile

The Administrator profile is a default system profile that cannot be copied, deleted or renamed. This is the only profile that has access to every view in FortiNAC including: Admin Users, Admin Profiles and the Quick Start wizard. See Default administrator profiles.

See Navigation and Filters for information on common navigation tools and data filters.

Settings

Field

Definition

Name

User specified name for the profile. This name is displayed in the Admin User window when you are attaching the profile to an Administrative User.

Inactivity Time

User is logged out after this amount of time has elapsed without any activity.

Login Availability

Indicates when users with this profile can log in to FortiNAC. Options include: Always or Specify Time. If you choose Specify Time, the user is limited to certain times of day and days of the week.

Landing Page

Indicates the first view displayed when an Admin User with this profile logs into FortiNAC.

Note

User specified note field. This field may contain notes regarding the data conversion from a previous version of FortiNAC

Last Modified By

User name of the last user to modify the profile.

Last Modified Date

Date and time of the last modification to this profile.

Right click options & buttons

Export

Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF or RTF. See Export data.

Copy

Copy the selected Profile to create a new record. The Administrator Profile cannot be copied.

Delete

Deletes the selected Profile. Profiles cannot be deleted if they are in use. The Administrator Profile can never be deleted.

Modify

Opens the Modify Admin Profile window for the selected profile. On the Administrator Profile only the Inactivity Time can be modified.

In Use

Opens a list of Administrative Users that have the selected profile attached.

Show Audit Log

Opens the Admin Auditing Log showing all changes made to the selected item.

For information about the Admin Auditing Log, see Admin auditing.

Note

You must have permission to view the Admin Auditing Log. See Add an admin profile.

Admin profiles and permissions

Admin profiles are templates assigned to administrative users to define what a user can do in FortiNAC. Every administrative user is required to have an admin profile. An admin profile can be assigned to more than one Administrative User.

Each admin profile contains a list of permissions that are inherited by the associated Administrative Users. Permissions configured in Admin Profiles control the views in FortiNAC that can be accessed. If permission for access is given, in most cases, the Administrative User can Add/Modify and Delete data.

Note

If an Admin Profile that is in use is changed, the changes do not take effect until the associated Administrative Users log out of FortiNAC and log in again.

Custom setting

For special functions such as Guest Manager or Device Profiler there are Advanced permissions. Advanced permissions control items such as the Guest Account templates that can be used by someone with permission for Guest/Contractor Accounts.

Landing page

Admin Profiles also designate the first screen or landing page displayed when the Administrative User logs into FortiNAC, days and times that users can log in and the number of minutes of inactivity that trigger an automatic logout. Due to the complexity of the permissions structure, it is recommended that you define the job functions of your Administrative Users to ensure that you have considered the permissions required for each Admin Profile.

Profile mapping

Admin Profiles can be mapped to Groups to automatically assign a profile to Administrative Users as they are added to selected groups. Note that if Admin Profile Mapping is configured, moving an Administrative User to a group that is mapped changes their profile to the profile for the group. See Mappings process for additional information.

Administrator profile

The Administrator profile is a default system profile that cannot be copied, deleted or renamed. This is the only profile that has access to every view in FortiNAC including: Admin Users, Admin Profiles and the Quick Start wizard. See Default administrator profiles.

See Navigation and Filters for information on common navigation tools and data filters.

Settings

Field

Definition

Name

User specified name for the profile. This name is displayed in the Admin User window when you are attaching the profile to an Administrative User.

Inactivity Time

User is logged out after this amount of time has elapsed without any activity.

Login Availability

Indicates when users with this profile can log in to FortiNAC. Options include: Always or Specify Time. If you choose Specify Time, the user is limited to certain times of day and days of the week.

Landing Page

Indicates the first view displayed when an Admin User with this profile logs into FortiNAC.

Note

User specified note field. This field may contain notes regarding the data conversion from a previous version of FortiNAC

Last Modified By

User name of the last user to modify the profile.

Last Modified Date

Date and time of the last modification to this profile.

Right click options & buttons

Export

Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF or RTF. See Export data.

Copy

Copy the selected Profile to create a new record. The Administrator Profile cannot be copied.

Delete

Deletes the selected Profile. Profiles cannot be deleted if they are in use. The Administrator Profile can never be deleted.

Modify

Opens the Modify Admin Profile window for the selected profile. On the Administrator Profile only the Inactivity Time can be modified.

In Use

Opens a list of Administrative Users that have the selected profile attached.

Show Audit Log

Opens the Admin Auditing Log showing all changes made to the selected item.

For information about the Admin Auditing Log, see Admin auditing.

Note

You must have permission to view the Admin Auditing Log. See Add an admin profile.