CLI Reference

system accprofile

Use this command to configure access profiles that, in conjunction with the domain or system-wide access level, govern whether or not an administrator account has permissions to view, change, or use features in each functional area. For details, see the FortiMail Administration Guide.

Syntax

config system accprofile
  edit <profile_name>
    set comment <description_str>
    config menuitem
      edit {archive_grp | cluster_grp | content_grp | dashboard_grp | domain_grp | encryption_grp | fortiview_grp | log_grp | monitor_grp | ms365_grp | others_grp | policy_grp | profile_grp | security_grp | system_grp}
        set permission {custom | none | read | read-write}
        set content-detail {enable | disable}
      next
    end
    set granular-group {all}
    set privilege-level {high | low | medium}
    set system-diagnostics {enable | disable}
    set system-quarantine-folder {none | read | read-write}
end

Variables

<profile_name>
  Enter the name of the access profile.

comment <description_str>
  Enter a descriptive comment.

{archive_grp | cluster_grp | content_grp | dashboard_grp | domain_grp | encryption_grp | fortiview_grp | log_grp | monitor_grp | ms365_grp | others_grp | policy_grp | profile_grp | security_grp | system_grp}
  Enter the name of the functional area that you want to grant permissions for.
  For example, SAML SSO settings are in multiple areas of the CLI and GUI. Therefore, administrators who configure SSO require read-write or read-update permissions for all of these:
    • domain_grp
    • profile_grp
    • system_grp

permission {custom | none | read | read-write}
  Grant a permission for features in the functional area.
  read-update is like read-write, except new tables (profiles etc.) cannot be created and existing ones cannot be deleted.
  Default: none

content-detail {enable | disable}
  Enable or disable the ability of administrators with Read privileges or better to view email contents.
  Note: This setting is only available for archive_grp.
  Default: enable

granular-group {all}
  Enter the permission for granular control.
  Default: all

privilege-level {high | low | medium}
  Set the access profile's privilege level.
  Administrators with a low privilege level cannot use diagnose or config system CLI commands.
  Default: medium

system-diagnostics {enable | disable}
  Enable or disable permission to run system diagnostic commands.
  Default: enable

system-quarantine-folder {none | read | read-write}
  For system quarantine, enter the permissions that will be granted to administrator accounts associated with this access profile.
  Default: none
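
An added example (not part of the Fortinet reference): a short Python audit that reads access profiles written in the syntax above, applies the defaults from the variable table to any option left unset, and flags profiles that can view archived email contents or run system diagnostics. The sample configuration and the profile names sso_admin and helpdesk are constructed, and treating any archive_grp permission other than none as "Read or better" is an assumption.

```python
import shlex

# Defaults as listed in the variable table on this page.
DEFAULTS = {"permission": "none", "content-detail": "enable",
            "system-diagnostics": "enable"}

# Constructed sample in this page's syntax; profile names are hypothetical.
SAMPLE = """
config system accprofile
edit sso_admin
config menuitem
edit archive_grp
set permission read
next
end
set system-diagnostics disable
next
edit helpdesk
set comment "every other setting left at its default"
next
end
"""

def parse_profiles(text):  # -> {profile: {"areas": {...}, "settings": {...}}}
    profiles, prof, area, in_menu = {}, None, None, False
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[:2] == ["config", "menuitem"]:
            in_menu = True
        elif tok[0] == "edit" and in_menu:
            area = prof["areas"].setdefault(tok[1], {})
        elif tok[0] == "edit":
            prof = profiles.setdefault(tok[1], {"areas": {}, "settings": {}})
        elif tok[0] == "set" and prof is not None:
            (area if area is not None else prof["settings"])[tok[1]] = tok[2]
        elif tok[0] in ("next", "end"):
            area, in_menu = None, in_menu and tok[0] == "next"
    return profiles

def audit(profiles):
    # Unset options fall back to DEFAULTS, so omissions are flagged too.
    findings = []
    for name, p in profiles.items():
        s = {**DEFAULTS, **p["settings"]}
        arch = {**DEFAULTS, **p["areas"].get("archive_grp", {})}
        if arch["permission"] != "none" and arch["content-detail"] == "enable":
            findings.append((name, "archive_grp: email contents viewable"))
        if s["system-diagnostics"] == "enable":
            findings.append((name, "system-diagnostics enabled"))
    return findings
```

Both findings on the sample come from options that were never set: content-detail and system-diagnostics default to enable, so a profile has to disable them explicitly.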

Related topics

system admin
