Profile
The System Settings > Admin > Profile menu enables you to create or edit administrator profiles, which are used to limit administrator access privileges to devices or system features. There are four predefined profiles with the following privileges:
Restricted_User
Restricted user profiles have no System Privileges enabled, and have read‑only access for all Device Privileges.
Standard_User
Standard user profiles have no System Privileges enabled, but have read/write access for all Device Privileges.
Super_User
Super user profiles have all system and device privileges enabled.
Package_User
Package user profiles have read/write policy package and objects privileges enabled, and have read-only access for system and other privileges.
Table 2 lists permissions for the four predefined administrator profiles. When Read-Write is selected, the user can view and make changes to the FortiManager system. When Read-Only is selected, the user can only view information. When None is selected, the user can neither view nor make changes to the FortiManager system. The administrator profile restricts access to both the FortiManager Web-based Manager and command line interfaces.
Table 2: Predefined profiles, FortiManager features, and permissions 
| FortiManager Feature | CLI setting | Super User | Standard User | Restricted User | Package User |
|---|---|---|---|---|---|
| System Settings | system-setting | Read-Write | None | None | Read-Only |
| Administrator Domain | adom-switch | Read-Write | Read-Write | None | Read-Only |
| FortiGuard Center | fgd_center | Read-Write | None | None | Read-Only |
| Device Manager | device-manager | Read-Write | Read-Write | Read-Only | Read-Write |
| - Add/Delete Devices/Groups | device-op | Read-Write | Read-Write | None | Read-Write |
| - Install To Devices | deploy-management | Read-Write | Read-Write | Read-Only | Read-Write |
| - Retrieve Configuration from Devices | config-retrieve | Read-Write | Read-Write | Read-Only | Read-Only |
| - Terminal Access | term-access | Read-Write | Read-Write | Read-Only | Read-Only |
| - Manage Device Configuration | device-config | Read-Write | Read-Write | Read-Only | Read-Write |
| - System Templates | device-profile | Read-Write | Read-Write | Read-Only | Read-Write |
| Policy & Objects | policy-objects | Read-Write | Read-Write | Read-Only | Read-Write |
| - Global Policy Packages & Objects | global-policy-packages | Read-Write | Read-Write | None | Read-Write |
| - Assignment | assignment | Read-Write | None | None | Read-Only |
| - Policy Packages & Objects | adom-policy-packages | Read-Write | Read-Write | Read-Only | Read-Write |
| - Policy Check | consistency-check | Read-Write | Read-Write | Read-Only | Read-Only |
| - VPN Manager | vpn-manager | Read-Write | Read-Write | Read-Only | Read-Write |
| Drill Down | realtime-monitor | Read-Write | Read-Write | Read-Only | Read-Only |
| Log View | log-viewer | Read-Write | Read-Write | Read-Only | Read-Only |
| Reports | report-viewer | Read-Write | Read-Write | Read-Only | Read-Only |
| Event Management | event-management | Read-Write | Read-Write | Read-Only | Read-Only |
| CLI Only Settings | profileid | Super_User | Standard_User | Restricted_User | Package_User |
| | scope | Not in use. | Not in use. | Not in use. | Not in use. |
| | read-passwd | Not in use. | Not in use. | Not in use. | Not in use. |
| | faz-management | Not in use. | Not in use. | Not in use. | Not in use. |
| | global-objects | Not in use. | Not in use. | Not in use. | Not in use. |
| | adom-policy-objects | Not in use. | Not in use. | Not in use. | Not in use. |
| | network | Not in use. | Not in use. | Not in use. | Not in use. |
| | admin | Not in use. | Not in use. | Not in use. | Not in use. |
| | system | Not in use. | Not in use. | Not in use. | Not in use. |
| | devices | Not in use. | Not in use. | Not in use. | Not in use. |
| | alerts | Not in use. | Not in use. | Not in use. | Not in use. |
| | dlp | Not in use. | Not in use. | Not in use. | Not in use. |
| | reports | Not in use. | Not in use. | Not in use. | Not in use. |
| | logs | Not in use. | Not in use. | Not in use. | Not in use. |
| | quar | Not in use. | Not in use. | Not in use. | Not in use. |
| | net-monitor | Not in use. | Not in use. | Not in use. | Not in use. |
| | vuln-mgmt | Not in use. | Not in use. | Not in use. | Not in use. |
You cannot delete these profiles, but you can modify them. You can also create new profiles if required.
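As an added example (not part of the FortiManager documentation), the Python code below reviews custom profiles against the Standard_User column of Table 2 and lists every setting where a profile grants more than that baseline. It assumes the profiles are exported as a `config system admin profile` block using the values none, read and read-write, and that an unset setting means none; the Helpdesk and Auditor profiles are constructed sample data.

```python
import re

# Privilege levels; the CLI value names none/read/read-write are an assumption.
RANK = {"none": 0, "read": 1, "read-write": 2}

# Standard_User column of Table 2 (Read-Only would be written as "read").
STANDARD_USER = {
    "system-setting": "none", "adom-switch": "read-write", "fgd_center": "none",
    "device-manager": "read-write", "device-op": "read-write",
    "deploy-management": "read-write", "config-retrieve": "read-write",
    "term-access": "read-write", "device-config": "read-write",
    "device-profile": "read-write", "policy-objects": "read-write",
    "global-policy-packages": "read-write", "assignment": "none",
    "adom-policy-packages": "read-write", "consistency-check": "read-write",
    "vpn-manager": "read-write", "realtime-monitor": "read-write",
    "log-viewer": "read-write", "report-viewer": "read-write",
    "event-management": "read-write",
}

def parse_profiles(config_text):
    """Return {profile name: {setting: level}} from edit/set/next blocks."""
    profiles, current = {}, None
    for line in config_text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r'edit "?([^"]+)"?', line):
            current = profiles.setdefault(m.group(1), {})
        elif line == "next":
            current = None
        elif current is not None and (m := re.fullmatch(r"set (\S+) (\S+)", line)):
            # Keep only the privilege settings listed in Table 2.
            if m.group(1) in STANDARD_USER and m.group(2) in RANK:
                current[m.group(1)] = m.group(2)
    return profiles

def exceeds_baseline(profile, baseline=STANDARD_USER):
    """List (setting, granted, baseline) where the profile grants more."""
    return [(s, profile.get(s, "none"), b) for s, b in baseline.items()
            if RANK[profile.get(s, "none")] > RANK[b]]

# Constructed sample, not output from a real FortiManager unit.
SAMPLE = '''config system admin profile
    edit "Helpdesk"
        set description "constructed example"
        set system-setting read-write
        set device-manager read
    next
    edit "Auditor"
        set log-viewer read
        set assignment read
    next
end'''
PROFILES = parse_profiles(SAMPLE)
```

Running `exceeds_baseline` on each entry of `PROFILES` flags Helpdesk for system-setting and Auditor for assignment, the two settings where these constructed profiles go beyond what Standard_User is given in Table 2.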
 
This guide is intended for default users with full privileges. If you create a profile with limited privileges, it will limit the ability of any administrator using that profile to follow procedures in this guide.
To view the list of configured administrator profiles, go to the System Settings > Admin > Profile page.
Figure 51: Administrator profile list
The following information is available:
Delete
Select the check box next to the profile you want to delete and select Delete. Predefined profiles cannot be deleted. You can only delete custom profiles when they are not applied to any administrators.
Create New
Select to create a custom administrator profile. See “Configuring administrator profiles”.
Profile
The administrator profile name. Select the profile name to view or modify existing settings. For more information about profile settings, see “Configuring administrator profiles”.
Description
Provides a brief description of the system and device access privileges allowed for the selected profile.