Fortinet Document Library

Administration Guide

Default administrator profiles

FortiNAC has some default profiles that can be used to control system access. These profiles are always included in the database. With the exception of the System Administrator profile, they can be modified, deleted or copied.

Default profiles - new database

The table below describes the profiles that are in any new FortiNAC database and the default settings for each profile.

System Administrator

  View: All
  Access: This profile cannot be deleted or copied. The only attribute of this profile that can be modified is the Inactivity Time. The System Administrator profile has access to every part of FortiNAC.
  Permissions enabled: All

Help desk

  View: Group Membership
  Access: User can access the group membership for Hosts and add or modify the selected host's membership in groups.
  Permissions enabled: Access

  View: Guest/Contractor Accounts
  Access: User can add, modify or delete guest accounts, send email and SMS messages to guests with their credentials.
  Permissions enabled: Access, Add/Modify, Delete

  View: Locate Hosts & Users
  Access: User can search for Hosts and Users but cannot modify data. This is the default landing page when a user with this profile logs into FortiNAC.
  Permissions enabled: Access

  View: Self Registration Requests
  Access: User can view self registration requests and allow or deny those requests.
  Permissions enabled: Access, Add/Modify

Operator

  View: Group Membership
  Access: User can access the group membership for Hosts and add or modify the selected host's membership in groups. Operators are restricted to the host and user groups they are configured to manage. They do not have access to all hosts and users.
  Permissions enabled: Access, Add/Modify

  View: Locate Hosts & Users
  Access: User can view adapter, host, user, and device identity. User can modify Host information but cannot delete any records.
  Permissions enabled: Access

  View: Manage Hosts & Ports
  Access:
    • Adapter List: Disable adapters.
    • Adapter Properties: View only.
    • Host Properties: View and modify access, but cannot send a message.
    • User Properties: View only.
    • Device Identity: View and export data.
    This is the default landing page when a user with this profile logs into FortiNAC.
  Permissions enabled: Access

  View: Guest/Contractor Accounts
  Access: User can add, modify or delete guest accounts, send email and SMS messages to guests with their credentials.
  Permissions enabled: Access, Add/Modify, Delete

  View: Self Registration Requests
  Access: User can view self registration requests and allow or deny those requests.
  Permissions enabled: Access, Add/Modify

Profile_Sample

  View: Group Membership
  Access: User can access the group membership for Hosts and add or modify the selected host's membership in groups.
  Permissions enabled: Access, Add/Modify

  View: Guest/Contractor Accounts
  Access: User can add, modify or delete guest accounts, send email and SMS messages to guests with their credentials. User is limited to the GuestAccess_Sample template, can create accounts 45 days in advance and can create accounts with a maximum duration of 15 days.
  Permissions enabled: Access, Add/Modify, Custom Settings

  View: Self Registration Requests
  Access: User can view self registration requests and allow or deny those requests.
  Permissions enabled: Access, Add/Modify

Security analyst

  View: Dashboard
  Access: User can access and view the dashboard.
  Permissions enabled: Access

  View: Network Devices
  Access: User can view, add, modify, or delete network devices in the following views:
    • CLI configuration
    • Device profiling rules
    • L2 polling
    • L3 polling
    • Locate
    • Port changes
    • Topology
  Permissions enabled: Access, Add/Modify, Delete

  View: Users/Hosts/Adapters
  Access: User can access, add, modify, or delete users, hosts, and adapters in the following views:
    • Adapters View
    • Connections
    • Device Identity
    • Hosts View
    • Scan Results
    • Users View
  Permissions enabled: Access, Add/Modify, Delete

Possible profiles - upgraded database

Prior versions of FortiNAC contained several user types with varying permissions. From Version 7.0 forward, there is only one type of administrator, and access is controlled by the settings of the administrator profile associated with each user. During the upgrade process, any existing administrator types and their corresponding permissions are converted to administrator profiles and assigned to administrators. There may be as many as two Help Desk profiles and eight Operator profiles created during the upgrade. The table below contains the full list of administrator profiles that could be created.

Administrator

  View: All
  Access: This profile cannot be deleted or copied. The only attribute of this profile that can be modified is the Inactivity Time. The System Administrator profile has access to every part of FortiNAC.
  Permissions enabled: All

Help desk

  View: Group Membership
  Access: User can access the group membership for Hosts and add or modify the selected host's membership in groups.
  Permissions enabled: Access

  View: Guest/Contractor Accounts
  Access: User can add, modify or delete guest accounts, send email and SMS messages to guests with their credentials.
  Permissions enabled: Access, Add/Modify, Delete

  View: Locate Hosts & Users
  Access: User can search for Hosts and Users but cannot modify data. This is the default landing page when a user with this profile logs into FortiNAC.
  Permissions enabled: Access

  View: Self Registration Requests
  Access: User can view self registration requests and allow or deny those requests.
  Permissions enabled: Access, Add/Modify

Help desk with messaging

  View: Group Membership
  Access: User can access the group membership for Hosts and add or modify the selected host's membership in groups.
  Permissions enabled: Access

  View: Guest/Contractor Accounts
  Access: User can add, modify or delete guest accounts, send email and SMS messages to guests with their credentials.
  Permissions enabled: Access, Add/Modify, Delete

  View: Locate Hosts & Users
  Access: User can search for Hosts and Users but cannot modify data. This is the default landing page when a user with this profile logs into FortiNAC.
  Permissions enabled: Access

  View: Send Message
  Access: User can send messages to hosts with the Persistent Agent or Mobile Agent installed.
  Permissions enabled: Access

  View: Self Registration Requests
  Access: User can view self registration requests and allow or deny those requests.
  Permissions enabled: Access, Add/Modify

Operator

  View: Group Membership
  Access: User can access the group membership for Hosts and add or modify the selected host's membership in groups. Operators are restricted to the host and user groups they are configured to manage. They do not have access to all hosts and users.
  Permissions enabled: Access, Add/Modify

  View: Locate Hosts & Users
  Access: User can view adapter, host, user, and device identity. User can modify Host information but cannot delete any records.
  Permissions enabled: Access

  View: Manage Hosts & Ports
  Access:
    • Adapter List: Disable adapters.
    • Adapter Properties: View only.
    • Host Properties: View and modify access, but cannot send a message.
    • User Properties: View only.
    • Device Identity: View and export data.
    This is the default landing page when a user with this profile logs into FortiNAC.
  Permissions enabled: Access

  View: Guest/Contractor Accounts
  Access: User can add, modify or delete guest accounts, send email and SMS messages to guests with their credentials.
  Permissions enabled: Access, Add/Modify, Delete

  View: Self Registration Requests
  Access: User can view self registration requests and allow or deny those requests.
  Permissions enabled: Access, Add/Modify

Operator with messaging

  View: Group Membership
  Access: User can access the group membership for Hosts and add or modify the selected host's membership in groups.
  Permissions enabled: Access, Add/Modify

  View: Locate Hosts & Users
  Access: User can view adapter, host, user, and device identity. User can modify Host information but cannot delete any records.
  Permissions enabled: Access

  View: Manage Hosts & Ports
  Access:
    • Adapter List: Disable adapters.
    • Adapter Properties: View only.
    • Host Properties: View and modify access, and can send a message.
    • User Properties: View only.
    • Device Identity: View and export data.
    This is the default landing page when a user with this profile logs into FortiNAC.
  Permissions enabled: Access

  View: Guest/Contractor Accounts
  Access: User can add, modify or delete guest accounts, send email and SMS messages to guests with their credentials.
  Permissions enabled: Access, Add/Modify, Delete

  View: Self Registration Requests
  Access: User can view self registration requests and allow or deny those requests.
  Permissions enabled: Access, Add/Modify

  View: Send Message
  Access: User can send messages to hosts with the Persistent Agent installed.
  Permissions enabled: Access

Operator with add hosts

  View: Group Membership
  Access: User can access the group membership for Hosts and add or modify the selected host's membership in groups.
  Permissions enabled: Access, Add/Modify

  View: Locate Hosts & Users
  Access: User can view adapter, host, user, and device identity. User can modify Host information but cannot delete any records.
  Permissions enabled: Access

  View: Manage Hosts & Ports
  Access:
    • Adapter List: Disable adapters.
    • Adapter Properties: View only.
    • Host Properties: View and modify access, but cannot send a message.
    • User Properties: View only.
    • Device Identity: View and export data.
    • User can add hosts.
    This is the default landing page when a user with this profile logs into FortiNAC.
  Permissions enabled: Access, Add/Modify

  View: Guest/Contractor Accounts
  Access: User can add, modify or delete guest accounts, send email and SMS messages to guests with their credentials.
  Permissions enabled: Access, Add/Modify, Delete

  View: Self Registration Requests
  Access: User can view self registration requests and allow or deny those requests.
  Permissions enabled: Access, Add/Modify

Operator with delete hosts

  View: Group Membership
  Access: User can access the group membership for Hosts and add or modify the selected host's membership in groups.
  Permissions enabled: Access, Add/Modify

  View: Locate Hosts & Users
  Access: User can view adapter, host, user, and device identity. User can modify Host information and delete host and adapter records.
  Permissions enabled: Access

  View: Manage Hosts & Ports
  Access:
    • Adapter List: Disable adapters.
    • Adapter Properties: View only.
    • Host Properties: View and modify access, but cannot send a message.
    • User Properties: View only.
    • Device Identity: View and export data.
    This is the default landing page when a user with this profile logs into FortiNAC.
  Permissions enabled: Access, Delete

  View: Guest/Contractor Accounts
  Access: User can add, modify or delete guest accounts, send email and SMS messages to guests with their credentials.
  Permissions enabled: Access, Add/Modify, Delete

  View: Self Registration Requests
  Access: User can view self registration requests and allow or deny those requests.
  Permissions enabled: Access, Add/Modify

Operator with add hosts and messaging

  View: Group Membership
  Access: User can access the group membership for Hosts and add or modify the selected host's membership in groups.
  Permissions enabled: Access, Add/Modify

  View: Locate Hosts & Users
  Access: User can view adapter, host, user, and device identity. User can modify Host information but cannot delete any records.
  Permissions enabled: Access

  View: Manage Hosts & Ports
  Access:
    • Adapter List: Disable adapters.
    • Adapter Properties: View only.
    • Host Properties: View and modify access, and can send a message.
    • User Properties: View only.
    • Device Identity: View and export data.
    • User can add hosts.
    This is the default landing page when a user with this profile logs into FortiNAC.
  Permissions enabled: Access, Add/Modify

  View: Guest/Contractor Accounts
  Access: User can add, modify or delete guest accounts, send email and SMS messages to guests with their credentials.
  Permissions enabled: Access, Add/Modify, Delete

  View: Self Registration Requests
  Access: User can view self registration requests and allow or deny those requests.
  Permissions enabled: Access, Add/Modify

  View: Send Message
  Access: User can send messages to hosts with the Persistent Agent installed.
  Permissions enabled: Access

Operator with delete hosts and messaging

  View: Group Membership
  Access: User can access the group membership for Hosts and add or modify the selected host's membership in groups.
  Permissions enabled: Access, Add/Modify

  View: Locate Hosts & Users
  Access: User can view adapter, host, user, and device identity. User can modify Host information and delete host and adapter records.
  Permissions enabled: Access

  View: Manage Hosts & Ports
  Access:
    • Adapter List: Disable adapters.
    • Adapter Properties: View only.
    • Host Properties: View and modify access, and can send a message.
    • User Properties: View only.
    • Device Identity: View and export data.
    This is the default landing page when a user with this profile logs into FortiNAC.
  Permissions enabled: Access, Delete

  View: Guest/Contractor Accounts
  Access: User can add, modify or delete guest accounts, send email and SMS messages to guests with their credentials.
  Permissions enabled: Access, Add/Modify, Delete

  View: Self Registration Requests
  Access: User can view self registration requests and allow or deny those requests.
  Permissions enabled: Access, Add/Modify

  View: Send Message
  Access: User can send messages to hosts with the Persistent Agent installed.
  Permissions enabled: Access

Operator with delete hosts, add hosts, and messaging

  View: Group Membership
  Access: User can access the group membership for Hosts and add or modify the selected host's membership in groups.
  Permissions enabled: Access, Add/Modify

  View: Locate Hosts & Users
  Access: User can view adapter, host, user, and device identity. User can modify Host information and delete host and adapter records.
  Permissions enabled: Access

  View: Manage Hosts & Ports
  Access:
    • Adapter List: Disable adapters.
    • Adapter Properties: View only.
    • Host Properties: View and modify access, and can send a message.
    • User Properties: View only.
    • Device Identity: View and export data.
    • User can add hosts.
    This is the default landing page when a user with this profile logs into FortiNAC.
  Permissions enabled: Access, Add/Modify, Delete

  View: Guest/Contractor Accounts
  Access: User can add, modify or delete guest accounts, send email and SMS messages to guests with their credentials.
  Permissions enabled: Access, Add/Modify, Delete

  View: Self Registration Requests
  Access: User can view self registration requests and allow or deny those requests.
  Permissions enabled: Access, Add/Modify

  View: Send Message
  Access: User can send messages to hosts with the Persistent Agent installed.
  Permissions enabled: Access

Profile_Sample

  View: Group Membership
  Access: User can access the group membership for Hosts and add or modify the selected host's membership in groups.
  Permissions enabled: Access, Add/Modify

  View: Guest/Contractor Accounts
  Access: User can add, modify or delete guest accounts, send email and SMS messages to guests with their credentials. User is limited to the GuestAccess_Sample template, can create accounts 45 days in advance and can create accounts with a maximum duration of 15 days.
  Permissions enabled: Access, Add/Modify, Custom Settings

  View: Self Registration Requests
  Access: User can view self registration requests and allow or deny those requests.
  Permissions enabled: Access, Add/Modify

Security analyst

  View: Dashboard
  Access: User can access and view the dashboard.
  Permissions enabled: Access

  View: Network Devices
  Access: User can view, add, modify, or delete network devices in the following views:
    • CLI configuration
    • Device profiling rules
    • L2 polling
    • L3 polling
    • Locate
    • Port changes
    • Topology
  Permissions enabled: Access, Add/Modify, Delete
