Profile

Restricted_User	Restricted user profiles have no System Privileges enabled, and have read‑only access for all Device Privileges.
Standard_User	Standard user profiles have no System Privileges enabled, but have read/write access for all Device Privileges.
Super_User	Super user profiles have all system and device privileges enabled.

Table 4 lists permissions for the three predefined administrator profiles. When Read-Write is selected, the user can view and make changes to the FortiAnalyzer system. When Read-Only is selected, the user can only view information. When None is selected, the user can neither view or make changes to the FortiAnalyzer system. The administrator profile restricts access to both the FortiAnalyzer Web-based Manager and CLI.

Table 4: Predefined profiles, FortiAnalyzer features, and permissions
Feature		Predefined Administrator Profiles
Feature		Super User	Standard User	Restricted User
System Settings / system-setting		Read-Write	None	None
Administrator Domain / adom-switch		Read-Write	Read-Write	None
Device Manager / device-manager		Read-Write	Read-Write	Read-Only
	Add/Delete Devices/Groups / device-op	Read-Write	Read-Write	None
Drill Down / realtime-monitor		Read-Write	Read-Write	Read-Only
Log View / log-viewer		Read-Write	Read-Write	Read-Only
Reports / report-viewer		Read-Write	Read-Write	Read-Only
Event Management / event-management		Read-Write	Read-Write	Read-Only
CLI Only Settings
profileid		Super_User	Standard_User	Restricted_User
scope		global	global	global
global-policy-packages		Not in use.	Not in use.	Not in use.
global-objects		Not in use.	Not in use.	Not in use.
assignment		Not in use.	Not in use.	Not in use.
read-passwd		Not in use.	Not in use.	Not in use.
device-config		Not in use.	Not in use.	Not in use.
device-profile		Not in use.	Not in use.	Not in use.
policy-objects		Not in use.	Not in use.	Not in use.
deploy-management		Not in use.	Not in use.	Not in use.
config-retrieve		Not in use.	Not in use.	Not in use.
term-access		Not in use.	Not in use.	Not in use.
adom-policy-packages		Not in use.	Not in use.	Not in use.
adom-policy-objects		Not in use.	Not in use.	Not in use.
vpn-manager		Not in use.	Not in use.	Not in use.
consistency-check		Not in use.	Not in use.	Not in use.
faz-management		Not in use.	Not in use.	Not in use.
fgd_center		Not in use.	Not in use.	Not in use.
network		Not in use.	Not in use.	Not in use.
admin		Not in use.	Not in use.	Not in use.
system		Not in use.	Not in use.	Not in use.
devices		Not in use.	Not in use.	Not in use.
alerts		Not in use.	Not in use.	Not in use.
dlp		Not in use.	Not in use.	Not in use.
reports		Not in use.	Not in use.	Not in use.
logs		Not in use.	Not in use.	Not in use.
quar		Not in use.	Not in use.	Not in use.
net-monitor		Not in use.	Not in use.	Not in use.
vuln-mgmt		Not in use.	Not in use.	Not in use.


	This guide is intended for default users with full privileges. If you create a profile with limited privileges it will limit the ability of any administrator using that profile to follow procedures in this guide.

Figure 69: Administrator profile list


	The default administrator profiles cannot be edited or deleted.


Delete	Select the check box next to the profile you want to delete and select Delete. Predefined profiles cannot be deleted. You can only delete custom profiles when they are not applied to any administrators.
Create New	Select to create a custom administrator profile. See “Configuring administrator profiles”.
Profile	The administrator profile name. Select the profile name to view or modify existing settings. For more information about profile settings, see “Configuring administrator profiles”.
Description	Provides a brief description of the system and device access privileges allowed for the selected profile.