Administrator profiles
Administrator profiles are used to control administrator access privileges to devices or system features. Profiles are assigned to administrator accounts when an administrator is created. The profile controls access to both the FortiAnalyzer GUI and CLI.
There are three predefined system profiles:
| Restricted_User | Restricted user profiles have no system privileges enabled, and have read-only access for all device privileges. |
| Standard_User | Standard user profiles have no system privileges enabled, and have read/write access for all device privileges. |
| Super_User | Super user profiles have all system and device privileges enabled. It cannot be edited. |
These profiles cannot be deleted, but standard and restricted profiles can be edited. New profiles can also be created as required. Only super user administrators can manage administrator profiles.
Go to System Settings > Admin > Profile to view and manage administrator profiles.
The following options are available:
| Create New | Create a new administrator profile. See Creating administrator profiles on page 231. |
| Edit | Edit the selected profile. See Editing administrator profiles on page 233. |
| Clone | Clone the selected profile. See Cloning administrator profiles on page 233. |
| Delete | Delete the selected profile or profiles. See Deleting administrator profiles on page 233. |
| Search | Search the administrator profiles list. |
The following information is shown:
| Name | The name the administrator uses to log in. |
| Type | The profile type. |
| Description | A description of the system and device access permissions allowed for the selected profile. |
Permissions
The below table lists the default permissions for the predefined administrator profiles.
When Read-Write is selected, the user can view and make changes to the FortiAnalyzer system. When Read-Only is selected, the user can only view information. When None is selected, the user can neither view or make changes to the FortiAnalyzer system.
| Setting | Predefined Administrator Profile | ||
| Super User | Standard User | Restricted User | |
| System Settings system-setting | Read-Write | None | None |
| Administrative Domain adom-switch | Read-Write | Read-Write | None |
| Device Manager device-manager | Read-Write | Read-Write | Read-Only |
| Add/Delete/Edit
Devices/Groups device-op |
Read-Write | Read-Write | None |
| Log View/FortiView/SOC log-viewer | Read-Write | Read-Write | Read-Only |
| Incidents & Events event-management | Read-Write | Read-Write | Read-Only |
| Reports report-viewer | Read-Write | Read-Write | Read-Only |
| FortiRecorder | Read-Write | Read-Write | None |
| CLI only settings | |||
| device-wan-link-load-balance | Read-Write | Read-Write | Read-Only |
| device-ap | Read-Write | Read-Write | Read-Only |
| device-forticlient | Read-Write | Read-Write | Read-Only |
| device-fortiswitch | Read-Write | Read-Write | Read-Only |
| realtime-monitor | Read-Write | Read-Write | Read-Only |