Administrator profiles – FortiAnalyzer – FortiOS 6.2.3

Administrator profiles

Administrator profiles are used to control administrator access privileges to devices or system features. Profiles are assigned to administrator accounts when an administrator is created. The profile controls access to both the FortiAnalyzer GUI and CLI.

There are three predefined system profiles:

Restricted_User Restricted user profiles have no system privileges enabled, and have read-only access for all device privileges.
Standard_User Standard user profiles have no system privileges enabled, and have read/write access for all device privileges.
Super_User Super user profiles have all system and device privileges enabled. It cannot be edited.

These profiles cannot be deleted, but standard and restricted profiles can be edited. New profiles can also be created as required. Only super user administrators can manage administrator profiles.

Go to System Settings > Admin > Profile to view and manage administrator profiles.

The following options are available:

Create New Create a new administrator profile. See Creating administrator profiles on page 231.
Edit Edit the selected profile. See Editing administrator profiles on page 233.
Clone Clone the selected profile. See Cloning administrator profiles on page 233.
Delete Delete the selected profile or profiles. See Deleting administrator profiles on page 233.
Search Search the administrator profiles list.

The following information is shown:

Name The name the administrator uses to log in.
Type The profile type.
Description A description of the system and device access permissions allowed for the selected profile.

Permissions

The below table lists the default permissions for the predefined administrator profiles.

When Read-Write is selected, the user can view and make changes to the FortiAnalyzer system. When Read-Only is selected, the user can only view information. When None is selected, the user can neither view or make changes to the FortiAnalyzer system.

Setting   Predefined Administrator Profile
  Super User Standard User Restricted User
System Settings system-setting Read-Write None None
Administrative Domain adom-switch Read-Write Read-Write None
Device Manager device-manager Read-Write Read-Write Read-Only
Add/Delete/Edit

Devices/Groups device-op

Read-Write Read-Write None
Log View/FortiView/SOC log-viewer Read-Write Read-Write Read-Only
Incidents & Events event-management Read-Write Read-Write Read-Only
Reports report-viewer Read-Write Read-Write Read-Only
FortiRecorder Read-Write Read-Write None
CLI only settings      
device-wan-link-load-balance Read-Write Read-Write Read-Only
device-ap Read-Write Read-Write Read-Only
device-forticlient Read-Write Read-Write Read-Only
device-fortiswitch Read-Write Read-Write Read-Only
realtime-monitor Read-Write Read-Write Read-Only

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos