Permissions
Depending on the account that you use to log in to the FortiWeb appliance, you may not have complete access to all CLI commands or areas of the web UI.
Access profiles control which commands and areas an administrator account can access. For each area of the FortiWeb software, an access profile assigns one of:
- Read (view access)
- Both Read and Write (view access, and change and execute access)
- No access
For details about configuring the access profile for an administrator account to use, see system accprofile.
Access profile permissions
| Area | Web UI | Access profile keyword | CLI |
|---|---|---|---|
| Admin Users | System > Admin ... except Settings | admingrp | config system admin; config system accprofile |
| Auth Users | User ... | authusergrp | config user ... |
| Log & Report | Log&Report ... | loggrp | config log ...; execute formatlogdisk |
| Maintenance | System > Maintenance except System Time tab | mntgrp | diagnose system ...; execute backup ...; execute factoryreset; execute reboot; execute restore ...; execute shutdown; diagnose system flash ... |
| Network Configuration | Network ... | netgrp | config router ...; config system interface; config system dns; config system v-zone; diagnose network ... except |
| System Configuration | System ... except Network, Admin, and Maintenance tabs | sysgrp | diagnose hardware ...; diagnose network sniffer ...; diagnose system ... except flash ...; execute date ...; execute ha ...; execute ping ...; execute ping-option ...; execute traceroute ...; execute time ... |
| Server Policy Configuration | Policy > Server Policy ...; Server Objects ...; Application Delivery ... | traroutegrp | config server-policy ... except custom-application ...; config waf file-compress-rule; config waf HTTP-authen ...; config waf url-rewrite ...; diagnose policy ... |
| Web Anti-Defacement Management | Web Anti-Defacement ... | wadgrp | config wad ... |
| Web Protection Configuration | Policy > Web Protection ...; Web Protection ...; DoS Protection ... | wafgrp | |
| Machine Learning Configuration | Web Protection > ML Based Anomaly Detection; Bot Mitigation > ML Based Bot Detection; API Protection > ML Based API Protection | | config waf api-learning-policy; config waf bot-detection-policy; config waf machine-learning-policy |
| Web Vulnerability Scan Configuration | Web Vulnerability Scan ... | wvsgrp | config wvs ... |
* For each
Unlike other administrator accounts, the administrator account named admin exists by default and cannot be deleted. The admin administrator account is similar to a root administrator account. This administrator account always has full permission to view and change all FortiWeb configuration options, including viewing and changing all other administrator accounts. Its name and permissions cannot be changed. It is the only administrator account that can reset another administrator’s password without being required to enter that administrator’s existing password.
Set a strong password for the |
For complete access to all commands, you must log in with the admin administrator account.
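The following audit sketch is an added example, not Fortinet code: it reads an access profile configuration and reports profiles that can write to the Admin Users or Maintenance areas from the table above. The sample text is constructed, and the `set <keyword> none|r|w|rw` layout and the choice of sensitive areas are assumptions to check against your own `config system accprofile` output.

```python
import re

# Keywords are taken from the table above. Treating these two as sensitive is
# an assumption of this example: admingrp covers administrator accounts and
# mntgrp covers backup, restore, factoryreset and shutdown.
SENSITIVE = {"admingrp", "mntgrp"}

# Constructed sample; assumed layout of a `config system accprofile` block.
SAMPLE = '''
config system accprofile
  edit "log_auditor"
    set loggrp r
    set sysgrp r
  next
  edit "helpdesk"
    set authusergrp rw
    set admingrp rw
    set mntgrp r
  next
  edit "ops"
    set netgrp rw
    set mntgrp w
  next
end
'''

def parse_profiles(text):
    """Return {profile_name: {keyword: value}} from an accprofile block."""
    profiles, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r'edit\s+"?([^"]+?)"?$', line)
        if m:
            current = profiles.setdefault(m.group(1), {})
        elif line == "next":
            current = None
        elif current is not None:
            m = re.match(r'set\s+(\w+)\s+(none|r|w|rw)$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return profiles

def risky_grants(profiles):
    """List (profile, keyword, value) where a sensitive area is writable."""
    return sorted((name, grp, val)
                  for name, groups in profiles.items()
                  for grp, val in groups.items()
                  if grp in SENSITIVE and "w" in val)

if __name__ == "__main__":
    for name, grp, val in risky_grants(parse_profiles(SAMPLE)):
        print(f"{name}: {grp}={val}")
```
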