config system accprofile
Configure access profiles for system administrators.
config system accprofile
Description: Configure access profiles for system administrators.
edit <name>
set scope [vdom|global]
set comments {var-string}
set secfabgrp [none|read|...]
set ftviewgrp [none|read|...]
set authgrp [none|read|...]
set sysgrp [none|read|...]
set netgrp [none|read|...]
set loggrp [none|read|...]
set fwgrp [none|read|...]
set vpngrp [none|read|...]
set utmgrp [none|read|...]
set wanoptgrp [none|read|...]
config netgrp-permission
Description: Custom network permission.
set cfg [none|read|...]
set packet-capture [none|read|...]
set route-cfg [none|read|...]
end
config sysgrp-permission
Description: Custom system permission.
set admin [none|read|...]
set upd [none|read|...]
set cfg [none|read|...]
set mnt [none|read|...]
end
config fwgrp-permission
Description: Custom firewall permission.
set policy [none|read|...]
set address [none|read|...]
set service [none|read|...]
set schedule [none|read|...]
set others [none|read|...]
end
config loggrp-permission
Description: Custom Log & Report permission.
set config [none|read|...]
set data-access [none|read|...]
set report-access [none|read|...]
set threat-weight [none|read|...]
end
config utmgrp-permission
Description: Custom Security Profile permissions.
set antivirus [none|read|...]
set ips [none|read|...]
set webfilter [none|read|...]
set emailfilter [none|read|...]
set data-leak-prevention [none|read|...]
set file-filter [none|read|...]
set application-control [none|read|...]
set icap [none|read|...]
set voip [none|read|...]
set waf [none|read|...]
set dnsfilter [none|read|...]
set endpoint-control [none|read|...]
set videofilter [none|read|...]
end
set admintimeout-override [enable|disable]
set admintimeout {integer}
set system-diagnostics [enable|disable]
set system-execute-ssh [enable|disable]
set system-execute-telnet [enable|disable]
next
end
config system accprofile
|
Parameter |
Description |
Type |
Size |
Default |
||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
name |
Profile name. |
string |
Maximum length: 35 |
|
||||||||||
|
scope |
Scope of admin access: global or specific VDOM(s). |
option |
- |
vdom |
||||||||||
|
|
|
|||||||||||||
|
comments |
Comment. |
var-string |
Maximum length: 255 |
|
||||||||||
|
secfabgrp |
Security Fabric. |
option |
- |
none |
||||||||||
|
|
|
|||||||||||||
|
ftviewgrp |
FortiView. |
option |
- |
none |
||||||||||
|
|
|
|||||||||||||
|
authgrp |
Administrator access to Users and Devices. |
option |
- |
none |
||||||||||
|
|
|
|||||||||||||
|
sysgrp |
System Configuration. |
option |
- |
none |
||||||||||
|
|
|
|||||||||||||
|
netgrp |
Network Configuration. |
option |
- |
none |
||||||||||
|
|
|
|||||||||||||
|
loggrp |
Administrator access to Logging and Reporting including viewing log messages. |
option |
- |
none |
||||||||||
|
|
|
|||||||||||||
|
fwgrp |
Administrator access to the Firewall configuration. |
option |
- |
none |
||||||||||
|
|
|
|||||||||||||
|
vpngrp |
Administrator access to IPsec, SSL, PPTP, and L2TP VPN. |
option |
- |
none |
||||||||||
|
|
|
|||||||||||||
|
utmgrp |
Administrator access to Security Profiles. |
option |
- |
none |
||||||||||
|
|
|
|||||||||||||
|
wanoptgrp |
Administrator access to WAN Opt & Cache. |
option |
- |
none |
||||||||||
|
|
|
|||||||||||||
|
admintimeout-override |
Enable/disable overriding the global administrator idle timeout. |
option |
- |
disable |
||||||||||
|
|
|
|||||||||||||
|
admintimeout |
Administrator timeout for this access profile. |
integer |
Minimum value: 1 Maximum value: 480 |
10 |
||||||||||
|
system-diagnostics |
Enable/disable permission to run system diagnostic commands. |
option |
- |
enable |
||||||||||
|
|
|
|||||||||||||
|
system-execute-ssh |
Enable/disable permission to execute SSH commands. |
option |
- |
enable |
||||||||||
|
|
|
|||||||||||||
|
system-execute-telnet |
Enable/disable permission to execute TELNET commands. |
option |
- |
enable |
||||||||||
|
|
|
|||||||||||||
config netgrp-permission
|
Parameter |
Description |
Type |
Size |
Default |
||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
cfg |
Network Configuration. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
|
packet-capture |
Packet Capture Configuration. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
|
route-cfg |
Router Configuration. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
config sysgrp-permission
|
Parameter |
Description |
Type |
Size |
Default |
||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
admin |
Administrator Users. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
|
upd |
FortiGuard Updates. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
|
cfg |
System Configuration. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
|
mnt |
Maintenance. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
config fwgrp-permission
|
Parameter |
Description |
Type |
Size |
Default |
||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
policy |
Policy Configuration. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
|
address |
Address Configuration. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
|
service |
Service Configuration. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
|
schedule |
Schedule Configuration. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
|
others |
Other Firewall Configuration. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
config loggrp-permission
|
Parameter |
Description |
Type |
Size |
Default |
||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
config |
Log & Report configuration. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
|
data-access |
Log & Report Data Access. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
|
report-access |
Log & Report Report Access. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
|
threat-weight |
Log & Report Threat Weight. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
config utmgrp-permission
|
Parameter |
Description |
Type |
Size |
Default |
||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
antivirus |
Antivirus profiles and settings. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
|
ips |
IPS profiles and settings. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
|
webfilter |
Web Filter profiles and settings. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
|
emailfilter |
Email Filter and settings. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
|
data-leak-prevention |
DLP profiles and settings. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
|
file-filter |
File-filter profiles and settings. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
|
application-control |
Application Control profiles and settings. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
|
icap |
ICAP profiles and settings. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
|
voip |
VoIP profiles and settings. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
|
waf |
Web Application Firewall profiles and settings. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
|
dnsfilter |
DNS Filter profiles and settings. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
|
endpoint-control |
FortiClient Profiles. |
option |
- |
none |
||||||||
|
|
|
|||||||||||
|
videofilter |
Video filter profiles and settings. |
option |
- |
none |
||||||||
|
|
|
|||||||||||