System Settings FortiManager 5.2

Profile
The System Settings > Admin > Profile menu enables you to create or edit administrator profiles which are used to limit administrator access permissions to devices or system features. There are four pre-defined system profiles with the following permissions:
Restricted_User: Restricted user profiles have no system permissions enabled, and have read-only access for all device permissions.
Type: System Administrator

Standard_User: Standard user profiles have no system permissions enabled, but have read/write access for all device permissions.
Type: System Administrator

Super_User: Super user profiles have all system and device permissions enabled.
Type: System Administrator

Package_User: Package user profiles have read/write policy package and objects permissions enabled, and have read-only access for system and other permissions.
Type: System Administrator

Restricted_User and Standard_User administrator profiles do not have access to the System Settings tab. An administrator with either of these profiles will see a change password icon in the navigation pane. Although the System Settings tab is read-only for an administrator with a Package_User administrator profile, they are able to change their password in the Admin > Administrator page.

The table below lists permissions for the four predefined administrator profiles. When Read/Write is selected, the user can view and make changes to the FortiManager system. When Read-Only is selected, the user can only view information. When None is selected, the user can neither view nor make changes to the FortiManager system. The administrator profile restricts access to both the FortiManager Web-based Manager and command line interfaces.

Predefined Administrator Profiles

| Setting | Super User | Standard User | Restricted User | Package User |
|---|---|---|---|---|
| System Settings (system-setting) | Read/Write | None | None | Read-Only |
| Administrative Domain (adom-switch) | Read/Write | Read/Write | None | Read-Only |
| FortiGuard Center (fgd_center) | Read/Write | None | None | Read-Only |
| Device Manager (device-manager) | Read/Write | Read/Write | Read-Only | Read/Write |
| Add/Delete Devices/Groups (device-op) | Read/Write | Read/Write | None | Read/Write |
| Install To Devices (deploy-management) | Read/Write | Read/Write | Read-Only | Read/Write |
| Retrieve Configuration from Devices (config-retrieve) | Read/Write | Read/Write | Read-Only | Read-Only |
| Terminal Access (term-access) | Read/Write | Read/Write | Read-Only | Read-Only |
| Manage Device Configuration (device-config) | Read/Write | Read/Write | Read-Only | Read/Write |
| System Templates (device-profile) | Read/Write | Read/Write | Read-Only | Read/Write |
| Policy & Objects (policy-objects) | Read/Write | Read/Write | Read-Only | Read/Write |
| Global Policy Packages & Objects (global-policy-packages) | Read/Write | Read/Write | None | Read/Write |
| Assignment (assignment) | Read/Write | None | None | Read-Only |
| Policy Packages & Objects (adom-policy-packages) | Read/Write | Read/Write | Read-Only | Read/Write |
| Policy Check (consistency-check) | Read/Write | Read/Write | Read-Only | Read-Only |
| VPN Manager (vpn-manager) | Read/Write | Read/Write | Read-Only | Read/Write |
| Workflow Approve (workflow-approve) | Read/Write. The administrator can approve or reject workflow sessions. | None. The administrator can only view diff. | None. The administrator can only view diff. | Read-Only. The administrator can only view diff. |
| FortiView (realtime-monitor) | Read/Write | Read/Write | Read-Only | Read-Only |
| Event Management (event-management) | Read/Write | Read/Write | Read-Only | Read-Only |
| Reports (report-viewer) | Read/Write | Read/Write | Read-Only | Read-Only |

You cannot delete these profiles, but you can modify them. You can also create new profiles if required.
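
Because the predefined profiles can be modified, a periodic check for drift from the documented defaults is useful. The following Python is an added example, not Fortinet code: it parses a `config system admin profile` block and reports every setting where Restricted_User grants more access than the table on this page documents. The export layout and the value spellings none / read / read-write are assumptions, and the sample input is constructed.

```python
import re

# Levels ordered least to most access; these CLI spellings are an assumption.
LEVEL = {"none": 0, "read": 1, "read-write": 2}

# Documented Restricted_User defaults, transcribed from the table on this page.
RESTRICTED_USER = {
    "system-setting": "none", "adom-switch": "none", "fgd_center": "none",
    "device-manager": "read", "device-op": "none", "deploy-management": "read",
    "config-retrieve": "read", "term-access": "read", "device-config": "read",
    "device-profile": "read", "policy-objects": "read",
    "global-policy-packages": "none", "assignment": "none",
    "adom-policy-packages": "read", "consistency-check": "read",
    "vpn-manager": "read", "workflow-approve": "none",
    "realtime-monitor": "read", "event-management": "read",
    "report-viewer": "read",
}

def parse_profiles(text):
    """Return {profile: {setting: level}} from edit/set/next blocks."""
    profiles, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r'edit\s+"?([^"]+)"?$', line):
            current = profiles.setdefault(m.group(1), {})
        elif line == "next":
            current = None
        elif current is not None and (m := re.match(r"set\s+(\S+)\s+(\S+)$", line)):
            if m.group(2) in LEVEL:  # ignore non-permission fields
                current[m.group(1)] = m.group(2)
    return profiles

def excess(profile, baseline):
    """List (setting, documented, configured) where access exceeds baseline."""
    return sorted((name, baseline[name], got) for name, got in profile.items()
                  if name in baseline and LEVEL[got] > LEVEL[baseline[name]])

# Constructed sample: a Restricted_User profile that has been widened.
SAMPLE = """
config system admin profile
    edit "Restricted_User"
        set description "constructed example"
        set term-access read-write
        set deploy-management read-write
    next
end
"""

if __name__ == "__main__":
    for row in excess(parse_profiles(SAMPLE)["Restricted_User"], RESTRICTED_USER):
        print("%s: documented %s, configured %s" % row)
```

Settings absent from the parsed block are not evaluated, so run the check against a full export of the profile rather than a partial one.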

To view the list of configured administrator profiles, go to the System Settings > Admin > Profile page.
Administrator profile list

The following information is displayed:
Profile: The administrator profile name. Select the profile name to view or modify existing settings. For more information about profile settings, see Configuring administrator profiles.
Type: The profile type. Either System Admin or Restricted Admin.
Description: Provides a brief description of the system and device access permissions allowed for the selected profile.

The following options are available:
Create New: Select to create a custom administrator profile. See Configuring administrator profiles.
Edit: Select the checkbox next to the profile, right-click, and select Edit in the right-click menu to edit the entry. Alternatively, you can double-click the entry to open the Edit Profile page.
Delete: Select the checkbox next to the profile you want to delete and select Delete. Predefined profiles cannot be deleted. You can only delete custom profiles when they are not applied to any administrators.

Configuring administrator profiles
You can modify one of the pre-defined profiles or create a custom profile if needed. Only administrators with full system permissions can modify the administrator profiles. Depending on the nature of the administrator’s work, access level, or seniority, you can allow them to view and configure as much, or as little, as required.
