Object List Commands

You are here: Using the CLI > Context Command Summaries > Object List Commands

Object List Commands

Object lists make it easier to manage user permissions by allowing an administrator to assign user permissions via list of objects.

An entry in an object list is an “object type” and “object name” pair. Once an object list is created, object list names are used as arguments to user context commands (see User Commands) to give a user permission to access objects in the list.

Using Object List commands in the global context:

Using Object List Commands in the Global Context
eqcli > objlist olname	:	Create an object list, or if it exists change context
eqcli > objlist olname cmds	:	Modify an object list (see below for cmds)
eqcli > no objlist olname [force]	:	Delete an object list
eqcli > show objlist [olname]	:	Display all object lists, or the one specified

Object List context commands:

Object List Context Commands
eqcli obj-olname> type object	:	Remove the specified object
eqcli obj-olname> no type object	:	Add an object to the list
eqcli obj-olname> show	:	Display object list

Object List Notes

Only a user with the admin flag enabled can create, modify, or delete object lists.
The type argument must be one of the following object types: cert, cluster, crl, geocluster, geosite, port, responder, server, srvpool, subnet, or vlan.
The object argument must be the name of an existing object of the specified type. (Object list names and the keyword all are not allowed.)
The no form of the objlist command is immediately executed; no commit is required.

Specifying an Object List When Creating or Modifying an Object

An objlist argument is optional when creating (or modifying) an FortiADC object, and adds an entry for the object to the specified object list. To add an entry to an object list, the user must have permission to create objects of the specified type in that object list.

Permission to create objects in an object list is given by the permit_objlist command, as outlined in User Permissions.

read and write permissions on both the object list and the object to be added to the list (or have the admin flag set on the user definition).

Note - When a user creates an object, that user is given read, write, and delete permissions on that object.