Fortinet black logo

Administration Guide

Profiles

Copy Link
Copy Doc ID 62d32790-0451-11ec-8f3f-00505692583a:606914
Download PDF

Profiles

In addition to the default “admin” account, you might want to set up other administrators with different levels of system access.

Administer profiles define what the administrator user can do when logged into the FortiSwitch unit. When you set up an administrator user account, you also assign an administrator profile, which dictates what the administrator user will see. Depending on the nature of the administrator’s work, access level, or seniority, you can allow them to view and configure as much, or as little, as required.

The super_admin administrator is the administrative account that the primary administrator should have to log into the FortiSwitch unit. The profile cannot be deleted or modified to ensure there is always a method to administer the FortiSwitch unit. This user profile has access to all components of the system, including the ability to add and remove other system administrators. For some administrative functions, such as backing up and restoring the configuration using SCP, super_admin access is required.

To configure administrator profiles, go to System > Admin > Profiles. You can only assign one profile to each administrator user.

On the Add Profile page, you define the components of the FortiSwitch unit that will be available to view and/or edit. For example, if you configure a profile so that the administrator can only access System Configuration, this admin will not be able to change Network settings. For more detail about what is covered by each access control, see Access control.

Using the GUI:
  1. Go to System > Admin > Profiles and select Add Profile.


  2. Give the profile an appropriate name.
  3. Set Access Control as required, selecting None, Read Only, or Read-Write for each line.
  4. Select Add.
Using the CLI:

config system accprofile

edit <name>

set admingrp {none | read | read-write}

set loggrp {none | read | read-write}

set netgrp {none | read | read-write}

set routegrp {none | read | read-write}

set sysgrp {none | read | read-write}

end

end

Profiles

In addition to the default “admin” account, you might want to set up other administrators with different levels of system access.

Administer profiles define what the administrator user can do when logged into the FortiSwitch unit. When you set up an administrator user account, you also assign an administrator profile, which dictates what the administrator user will see. Depending on the nature of the administrator’s work, access level, or seniority, you can allow them to view and configure as much, or as little, as required.

The super_admin administrator is the administrative account that the primary administrator should have to log into the FortiSwitch unit. The profile cannot be deleted or modified to ensure there is always a method to administer the FortiSwitch unit. This user profile has access to all components of the system, including the ability to add and remove other system administrators. For some administrative functions, such as backing up and restoring the configuration using SCP, super_admin access is required.

To configure administrator profiles, go to System > Admin > Profiles. You can only assign one profile to each administrator user.

On the Add Profile page, you define the components of the FortiSwitch unit that will be available to view and/or edit. For example, if you configure a profile so that the administrator can only access System Configuration, this admin will not be able to change Network settings. For more detail about what is covered by each access control, see Access control.

Using the GUI:
  1. Go to System > Admin > Profiles and select Add Profile.


  2. Give the profile an appropriate name.
  3. Set Access Control as required, selecting None, Read Only, or Read-Write for each line.
  4. Select Add.
Using the CLI:

config system accprofile

edit <name>

set admingrp {none | read | read-write}

set loggrp {none | read | read-write}

set netgrp {none | read | read-write}

set routegrp {none | read | read-write}

set sysgrp {none | read | read-write}

end

end