Restricted_User | Restricted user profiles have no System Privileges enabled, and have read‑only access for all Device Privileges. |
Standard_User | Standard user profiles have no System Privileges enabled, but have read/write access for all Device Privileges. |
Super_User | Super user profiles have all system and device privileges enabled. |
Package_User | Package user profile have read/write policy package and objects privileges enabled, and have read-only access for system and others privileges. |
FortiManager Feature | Predefined Administrator Profiles | ||||
Super User | Standard User | Restricted User | Package User | ||
System Settings system-setting | Read-Write | None | None | Read-Only | |
Administrator Domain adom-switch | Read-Write | Read-Write | None | Read-Only | |
FortiGuard Center fgd_center | Read-Write | None | None | Read-Only | |
Device Manager device-manager | Read-Write | Read-Write | Read-Only | Read-Write | |
Add/Delete Devices/Groups device-op | Read-Write | Read-Write | None | Read-Write | |
Install To Devices deploy-management | Read-Write | Read-Write | Read-Only | Read-Write | |
Retrieve Configuration from Devices config-retrieve | Read-Write | Read-Write | Read-Only | Read-Only | |
Terminal Access term-access | Read-Write | Read-Write | Read-Only | Read-Only | |
Manage Device Configuration device-config | Read-Write | Read-Write | Read-Only | Read-Write | |
System Templates device-profile | Read-Write | Read-Write | Read-Only | Read-Write | |
Policy & Objects policy-objects | Read-Write | Read-Write | Read-Only | Read-Write | |
Global Policy Packages & Objects global-policy-packages | Read-Write | Read-Write | None | Read-Write | |
Assignment assignment | Read-Write | None | None | Read-Only | |
Policy Packages & Objects adom-policy-packages | Read-Write | Read-Write | Read-Only | Read-Write | |
Policy Check consistency-check | Read-Write | Read-Write | Read-Only | Read-Only | |
VPN Manager vpn-manager | Read-Write | Read-Write | Read-Only | Read-Write | |
Drill Down realtime-monitor | Read-Write | Read-Write | Read-Only | Read-Only | |
Log View log-viewer | Read-Write | Read-Write | Read-Only | Read-Only | |
Reports report-viewer | Read-Write | Read-Write | Read-Only | Read-Only | |
Event Management event-management | Read-Write | Read-Write | Read-Only | Read-Only | |
CLI Only Settings | |||||
profileid | Super_User | Standard_User | Restricted_User | Package_User | |
scope | Not in use. | Not in use. | Not in use. | Not in use. | |
read-passwd | Not in use. | Not in use. | Not in use. | Not in use. | |
faz-management | Not in use. | Not in use. | Not in use. | Not in use. | |
global-objects | Not in use. | Not in use. | Not in use. | Not in use. | |
adom-policy-objects | Not in use. | Not in use. | Not in use. | Not in use. | |
network | Not in use. | Not in use. | Not in use. | Not in use. | |
admin | Not in use. | Not in use. | Not in use. | Not in use. | |
system | Not in use. | Not in use. | Not in use. | Not in use. | |
devices | Not in use. | Not in use. | Not in use. | Not in use. | |
alerts | Not in use. | Not in use. | Not in use. | Not in use. | |
dlp | Not in use. | Not in use. | Not in use. | Not in use. | |
reports | Not in use. | Not in use. | Not in use. | Not in use. | |
logs | Not in use. | Not in use. | Not in use. | Not in use. | |
quar | Not in use. | Not in use. | Not in use. | Not in use. | |
net-monitor | Not in use. | Not in use. | Not in use. | Not in use. | |
vuln-mgmt | Not in use. | Not in use. | Not in use. | Not in use. |
This guide is intended for default users with full privileges. If you create a profile with limited privileges it will limit the ability of any administrator using that profile to follow procedures in this Guide. |
Delete | Select the check box next to the profile you want to delete and select Delete. Predefined profiles cannot be deleted. You can only delete custom profiles when they are not applied to any administrators. |
Create New | Select to create a custom administrator profile. See “Configuring administrator profiles”. |
Profile | The administrator profile name. Select the profile name to view or modify existing settings. For more information about profile settings, see “Configuring administrator profiles”. |
Description | Provides a brief description of the system and device access privileges allowed for the selected profile. |