Default administrator profiles
FortiNAC has some default profiles that can be used to control system access. These profiles are always included in the database. With the exception of the System Administrator profile, they can be modified, deleted or copied.
Default profiles - new database
The table below describes the profiles that are in any new FortiNAC database and the default settings for each profile.
|
View |
Access |
Permissions enabled |
|---|---|---|
|
System Administrator |
||
|
All |
This profile cannot be deleted or copied. The only attribute of this profile that can be modified is the Inactivity Time. The System Administrator profile has access to every part of FortiNAC. |
All |
|
Help desk |
||
|
Group Membership |
User can access the group membership for Hosts and add or modify the selected host's membership in groups. |
Access |
|
Guest/Contractor Accounts |
User can add, modify or delete guest accounts, send email and SMS messages to guests with their credentials. |
Access, Add/Modify Delete |
|
Locate Hosts & Users |
User can search for Hosts and Users but cannot modify data. This is the default landing page when a user with this profile logs into FortiNAC. |
Access |
|
Self Registration Requests |
User can view self registration requests and allow or deny those requests. |
Access Add/Modify |
|
Operator |
||
|
Group Membership |
User can access the group membership for Hosts and add or modify the selected host's membership in groups. Operators are restricted to the host and user groups they are configured to manage. They do not have access to all hosts and users |
Access Add/Modify |
|
Locate Hosts & Users |
User can view adapter, host, user, and device identity. User can modify Host information but cannot delete any records. |
Access |
|
Manage Hosts & Ports |
This is the default landing page when a user with this profile logs into FortiNAC. |
Access |
|
Guest/Contractor Accounts |
User can add, modify or delete guest accounts, send email and SMS messages to guests with their credentials. |
Access, Add/Modify Delete |
|
Self Registration Requests |
User can view self registration requests and allow or deny those requests. |
Access Add/Modify |
|
Profile_Sample |
||
|
Group Membership |
User can access the group membership for Hosts and add or modify the selected host's membership in groups. |
Access Add/Modify |
|
Guest/Contractor Accounts |
User can add, modify or delete guest accounts, send email and SMS messages to guests with their credentials. User is limited to the GuestAccess_Sample template, can create accounts 45 days in advance and can create accounts with a maximum duration of 15 days. |
Access, Add/Modify Custom Settings |
|
Self Registration Requests |
User can view self registration requests and allow or deny those requests. |
Access Add/Modify |
|
Security analyst |
||
|
Dashboard |
User can access and view the dashboard. |
Access |
|
Network Devices |
User can view, add, modify, or delete network devices in the following views:
|
Access Add/Modify Delete |
|
Users/Hosts/ |
User can access, add, modify, or delete users, hosts, and adapters in the following views:
|
Access Add/Modify Delete |
Possible profiles - upgraded database
Prior versions of FortiNAC contained several user types with varying permissions. From Version 7.0 forward there is only one type of administrator and access is controlled based on the settings of the administrator profile associated with each user. During the upgrade process any existing administrator types and their corresponding permissions are converted to administrator profiles and assigned to administrators. There may be many as two Help Desk profiles and eight Operator profiles created during the upgrade. The table below contains the full list of administrator profiles that could be created.
|
View |
Access |
Permissions enabled |
|---|---|---|
|
Administrator |
||
|
All |
This profile cannot be deleted or copied. The only attribute of this profile that can be modified is the Inactivity Time. The System Administrator profile has access to every part of FortiNAC. |
All |
|
Help desk |
||
|
Group Membership |
User can access the group membership for Hosts and add or modify the selected host's membership in groups. |
Access |
|
Guest/Contractor Accounts |
User can add, modify or delete guest accounts, send email and SMS messages to guests with their credentials. |
Access, Add/Modify Delete |
|
Locate Hosts & Users |
User can search for Hosts and Users but cannot modify data. This is the default landing page when a user with this profile logs into FortiNAC. |
Access |
|
Self Registration Requests |
User can view self registration requests and allow or deny those requests. |
Access Add/Modify |
|
Help desk with messaging |
||
|
Group Membership |
User can access the group membership for Hosts and add or modify the selected host's membership in groups. |
Access |
|
Guest/Contractor Accounts |
User can add, modify or delete guest accounts, send email and SMS messages to guests with their credentials. |
Access, Add/Modify Delete |
|
Locate Hosts & Users |
User can search for Hosts and Users but cannot modify data. This is the default landing page when a user with this profile logs into FortiNAC. |
Access |
|
Send Message |
User can send messages to hosts with the Persistent Agent or Mobile Agent installed. |
Access |
|
Self Registration Requests |
User can view self registration requests and allow or deny those requests. |
Access Add/Modify |
|
Operator |
||
|
Group Membership |
User can access the group membership for Hosts and add or modify the selected host's membership in groups. Operators are restricted to the host and user groups they are configured to manage. They do not have access to all hosts and users |
Access Add/Modify |
|
Locate Hosts & Users |
User can view adapter, host, user, and device identity. User can modify Host information but cannot delete any records. |
Access |
|
Manage Hosts & Ports |
Adapter List - Disable adapters. Adapter Properties- View only. Host Properties-View and modify access, but cannot send a message. User Properties - View Only. Device Identity - View and export data. This is the default landing page when a user with this profile logs into FortiNAC. |
Access |
|
Guest/Contractor Accounts |
User can add, modify or delete guest accounts, send email and SMS messages to guests with their credentials. |
Access, Add/Modify Delete |
|
Self Registration Requests |
User can view self registration requests and allow or deny those requests. |
Access Add/Modify |
|
Operator with messaging |
||
|
Group Membership |
User can access the group membership for Hosts and add or modify the selected host's membership in groups. |
Access Add/Modify |
|
Locate Hosts & Users |
User can view adapter, host, user, and device identity. User can modify Host information but cannot delete any records. |
Access |
|
Manage Hosts & Ports |
This is the default landing page when a user with this profile logs into FortiNAC. |
Access |
|
Guest/Contractor Accounts |
User can add, modify or delete guest accounts, send email and SMS messages to guests with their credentials. |
Access, Add/Modify Delete |
|
Self Registration Requests |
User can view self registration requests and allow or deny those requests. |
Access Add/Modify |
|
Send Message |
User can send messages to hosts with the Persistent Agent installed. |
Access |
|
Operator with add hosts |
||
|
Group Membership |
User can access the group membership for Hosts and add or modify the selected host's membership in groups. |
Access Add/Modify |
|
Locate Hosts & Users |
User can view adapter, host, user, and device identity. User can modify Host information but cannot delete any records. |
Access |
|
Manage Hosts & Ports |
This is the default landing page when a user with this profile logs into FortiNAC. |
Access Add/Modify |
|
Guest/Contractor Accounts |
||