Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiSandbox 4.2.4 Administration Guide
    4.2.4
    5.0.0
    4.4.6
    4.4.5
    4.4.4
    4.4.3
    4.4.2
    4.4.1
    4.4.0
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.0.5
    4.0.4
    4.0.3
    4.0.2
    4.0.1
    4.0.0
    3.2.4
    3.2.3
    3.2.2
    3.2.1
    3.2.0
    3.1.5
    3.1.4
    3.1.3
    3.1.2
    3.1.1
    3.1.0
    3.0.7
    3.0.6

    Admin Profiles

    Admin Profiles

    Administrator profiles are used to control administrator access privileges to system features. Profiles are assigned to administrator accounts when an administrator is created.

    There are three predefined administrator profiles, which cannot be modified or deleted:

    • Super Admin: All functionalities are accessible.
    • Read Only: Can view certain pages but cannot change any system setting.
    • Device: Can view certain pages about assigned devices, but cannot change any system setting.

    All previous created users in earlier builds are mapped to these three default profiles.

    Only the Super Admin user can create, edit, and delete administrator profiles and new users if the user is assigned Read Write privilege in System > Admin.

    Read Write

    User can view and make changes to the system.

    Read Only

    User can only view information.

    None

    User cannot view or make changes to the system.

    Menu Access

    Description
    Dashboard Status

    Grant access to Dashboard > Status.

    Scan Performance

    Grant access to Dashboard > Scan Performance. See Scan Performance (dashboard).
    Operation Center

    Grant access to Dashboard > Operation Center. See Operation Center
    Threats Analysis

    Grant access to Dashboard > Threats by Topology, Threats by Hosts, Threats by Files, Threats by Device.
    Security Fabric

    Grant access to Security Fabric > Device, FortiClient, Adapter, Network Share, Quarantine, Sniffer, FortiNDR. See Security Fabric.
    Scan Job Job Queue

    Grant access to Scan Job > Job Queue. See Job Queue.
    VM Jobs

    Grant access to Scan Job > VM Jobs. See VM Jobs.
    Scan Searches

    Grant access to Scan Job > File Job Search, URL Job Search. See File Job Search and URL Job Search.
    Overridden Verdicts

    Grant access to Scan Job > Overridden Verdicts. See Overridden Verdicts.
    On Demand

    Grant access to Scan Job > File On-Demand, URL On-Demand. See File On-Demand andURL On-Demand.

    Scan Policy and Object Scan Configurations

    Grant access to Scan Policy and Object > Scan Profile, General Settings, Job Priority, Job Archive, Allowlist/Blocklist, Web Category, Customized Rating, Yara Rules, Threat Intelligence, Global Network. See Scan Policy and Object.
    VM Settings

    Grant access to Scan Policy and Object > VM Settings. See VM Settings
    Packages

    Grant access to Scan Policy and Object > Malware Package, URL Package, TCP RST Package. See Malware Package, URL Package, and TCP RST package.
    System Admin

    Grant access to System > Administrator, Admin Profile, Device Group, LDAP Servers, RADIUS servers, Certificates . See Administrators and Admin Profiles.
    Network

    Grant access to System > Interfaces, DNS, Static Route.
    Maintenance

    Grant access to System > Mail Servers, FortiGuard, Login Disclaimer, SNMP, System Recovery, Settings.
    Event Calendar

    Grant access to System > Event Calendar, Event Calendar Settings.

    See Event Calendar
    Job View Settings

    Grant access to System > Job View Settings. See Job View Settings.
    HA Cluster

    Grant access to the HA-Cluster settings. See HA-Cluster.
    Logs & Reports Log Events

    Grant access to Log & Report > Events > All Events, System Events, VM Events, Job Events, Notification Events. See Log Categories
    Summary Report

    Grant access to Log & Report > Summary Report. See Summary Reports.
    Report Center

    Grant access to Log & Report > Report Center. See Report Center.
    Customize Report

    Grant access to Log & Report > Customize Report. See Customize Report.
    File Statistic/Scan

    Grant access to Log & Report > File Statistics, File Scan. See File Statistics and File Scan.
    Network Alerts

    Grant access to Log & Report > Network Alerts. See Network Alerts.
    URL Statistic/Scan

    Grant access to Log & Report > URL Statistic, URL Scan. See URL Scan.
    Log Servers

    Grant access to Log & Report > Log Servers. See Log Servers.
    Log Settings

    Grant access to Log & Report > Log Settings. See Local Log
    Control Access

    Click to Disable or Enable all the Control Access settings.
    Mark FPN

    Allow the profile to override a false positive or negative.

    Download Original File

    		Enable to download the original file from the Job Detail page. See FortiGuard.
    JSON API

    Grant the profile JSON API privileges.

    Allow On-Demand Scan Interaction

    Enable to use VM interaction during the On-Demand scan or take scan snapshots in the VM Status page.
    Allow On-Demand Scan Video Recording

    Allow the profile to take a video during the On-Demand scan and watch it later in the On-Demand page.
    Previous
    Next

    Admin Profiles

    Admin Profiles

    Administrator profiles are used to control administrator access privileges to system features. Profiles are assigned to administrator accounts when an administrator is created.

    There are three predefined administrator profiles, which cannot be modified or deleted:

    • Super Admin: All functionalities are accessible.
    • Read Only: Can view certain pages but cannot change any system setting.
    • Device: Can view certain pages about assigned devices, but cannot change any system setting.

    All previous created users in earlier builds are mapped to these three default profiles.

    Only the Super Admin user can create, edit, and delete administrator profiles and new users if the user is assigned Read Write privilege in System > Admin.

    Read Write

    User can view and make changes to the system.

    Read Only

    User can only view information.

    None

    User cannot view or make changes to the system.

    Menu Access

    Description
    Dashboard Status

    Grant access to Dashboard > Status.

    Scan Performance

    Grant access to Dashboard > Scan Performance. See Scan Performance (dashboard).
    Operation Center

    Grant access to Dashboard > Operation Center. See Operation Center
    Threats Analysis

    Grant access to Dashboard > Threats by Topology, Threats by Hosts, Threats by Files, Threats by Device.
    Security Fabric

    Grant access to Security Fabric > Device, FortiClient, Adapter, Network Share, Quarantine, Sniffer, FortiNDR. See Security Fabric.
    Scan Job Job Queue

    Grant access to Scan Job > Job Queue. See Job Queue.
    VM Jobs

    Grant access to Scan Job > VM Jobs. See VM Jobs.
    Scan Searches

    Grant access to Scan Job > File Job Search, URL Job Search. See File Job Search and URL Job Search.
    Overridden Verdicts

    Grant access to Scan Job > Overridden Verdicts. See Overridden Verdicts.
    On Demand

    Grant access to Scan Job > File On-Demand, URL On-Demand. See File On-Demand andURL On-Demand.

    Scan Policy and Object Scan Configurations

    Grant access to Scan Policy and Object > Scan Profile, General Settings, Job Priority, Job Archive, Allowlist/Blocklist, Web Category, Customized Rating, Yara Rules, Threat Intelligence, Global Network. See Scan Policy and Object.
    VM Settings

    Grant access to Scan Policy and Object > VM Settings. See VM Settings
    Packages

    Grant access to Scan Policy and Object > Malware Package, URL Package, TCP RST Package. See Malware Package, URL Package, and TCP RST package.
    System Admin

    Grant access to System > Administrator, Admin Profile, Device Group, LDAP Servers, RADIUS servers, Certificates . See Administrators and Admin Profiles.
    Network

    Grant access to System > Interfaces, DNS, Static Route.
    Maintenance

    Grant access to System > Mail Servers, FortiGuard, Login Disclaimer, SNMP, System Recovery, Settings.
    Event Calendar

    Grant access to System > Event Calendar, Event Calendar Settings.

    See Event Calendar
    Job View Settings

    Grant access to System > Job View Settings. See Job View Settings.
    HA Cluster

    Grant access to the HA-Cluster settings. See HA-Cluster.
    Logs & Reports Log Events

    Grant access to Log & Report > Events > All Events, System Events, VM Events, Job Events, Notification Events. See Log Categories
    Summary Report

    Grant access to Log & Report > Summary Report. See Summary Reports.
    Report Center

    Grant access to Log & Report > Report Center. See Report Center.
    Customize Report

    Grant access to Log & Report > Customize Report. See Customize Report.
    File Statistic/Scan

    Grant access to Log & Report > File Statistics, File Scan. See File Statistics and File Scan.
    Network Alerts

    Grant access to Log & Report > Network Alerts. See Network Alerts.
    URL Statistic/Scan

    Grant access to Log & Report > URL Statistic, URL Scan. See URL Scan.
    Log Servers

    Grant access to Log & Report > Log Servers. See Log Servers.
    Log Settings

    Grant access to Log & Report > Log Settings. See Local Log
    Control Access

    Click to Disable or Enable all the Control Access settings.
    Mark FPN

    Allow the profile to override a false positive or negative.

    Download Original File

    		Enable to download the original file from the Job Detail page. See FortiGuard.
    JSON API

    Grant the profile JSON API privileges.

    Allow On-Demand Scan Interaction

    Enable to use VM interaction during the On-Demand scan or take scan snapshots in the VM Status page.
    Allow On-Demand Scan Video Recording

    Allow the profile to take a video during the On-Demand scan and watch it later in the On-Demand page.
    Previous
    Next