Fortinet black logo

New Features

Admin user attributes can be set in the admin profile and override the individual admin settings 7.0.3

Copy Link
Copy Doc ID 6dd8af04-513d-11eb-b9ad-00505692583a:421852
Download PDF

Admin user attributes can be set in the admin profile and override the individual admin settings 7.0.3

Admin user attributes such as RPC permission or Trusted Hosts can now be set in the admin profile (CLI only) and override the individual admin settings.

To override user attributes from admin profiles:
  1. In 7.0.2 and earlier, RPC permission and Trusted Hosts attributes can only be set in the admin user settings.
    In 7.0.3, you can configure RPC permission and Trusted Host settings in an admin profile.
  2. Go to the FortiAnalyzer CLI and enter the following commands:

    config system admin profile

    edit <profile name>

    set rpc-permit {none | read | read-write}

    set trusthost1 <ip & netmask>

    end

  3. Configure the admin user to use the from-profile option for the rpc-permit and/or trusthost attributes.
    Enter the following commands in the FortiAnalyzer CLI:

    config system admin user

    edit <admin user>

    set rpc-permit from-profile

    set trusthost1 from-profile

    end

  4. When checking the admin user, you can see that rpc-permit and trusthost settings are followed by (from profile), indicating that these attributes are from the profile.
  5. In the FortiAnalyzer GUI, go to System Settings > Admin > Administrators.
    The settings for rpc-permit and trusthost are greyed out, meaning they can no longer be modified in the GUI.

Admin user attributes can be set in the admin profile and override the individual admin settings 7.0.3

Admin user attributes such as RPC permission or Trusted Hosts can now be set in the admin profile (CLI only) and override the individual admin settings.

To override user attributes from admin profiles:
  1. In 7.0.2 and earlier, RPC permission and Trusted Hosts attributes can only be set in the admin user settings.
    In 7.0.3, you can configure RPC permission and Trusted Host settings in an admin profile.
  2. Go to the FortiAnalyzer CLI and enter the following commands:

    config system admin profile

    edit <profile name>

    set rpc-permit {none | read | read-write}

    set trusthost1 <ip & netmask>

    end

  3. Configure the admin user to use the from-profile option for the rpc-permit and/or trusthost attributes.
    Enter the following commands in the FortiAnalyzer CLI:

    config system admin user

    edit <admin user>

    set rpc-permit from-profile

    set trusthost1 from-profile

    end

  4. When checking the admin user, you can see that rpc-permit and trusthost settings are followed by (from profile), indicating that these attributes are from the profile.
  5. In the FortiAnalyzer GUI, go to System Settings > Admin > Administrators.
    The settings for rpc-permit and trusthost are greyed out, meaning they can no longer be modified in the GUI.