Fortinet black logo

EMS Administration Guide

Admin role permissions reference

Admin role permissions reference

The following tables list the permissions available when configuring an admin role. The tables also include a description of what the permission allows the user to do and a link to the relevant section in this guide.

Permissions that apply to Chromebook management are denoted with an asterisk (*).

Endpoint permissions

Permission

Link to description

Manage LDAPs Manage connections to LDAP servers to import users from. See User Servers.
Manage Google domains* Manage connections to Google domains to decide which Chromebooks to manage. See Google Domains.
Manage custom groups Create, rename, and edit groups to manage endpoints. See Creating groups.
Run commands on endpoints Perform actions to endpoints on the Endpoints pane, including uploading FortiClient logs, requesting diagnostic results, and so on. See Managing endpoints.

Block/Unblock/Quarantine/Unquarantine/Reregister endpoints

Manage endpoint access to the network through blocking, quarantine, and registration. See Managing endpoints.

Manage and assign endpoint policies

See Endpoint Policy.

View group assignment rules

View group assignment rules. See Group assignment rules.

Manage group assignment rules

Create, delete, and edit group assignment rules. See Group assignment rules.

View endpoint filter bookmarks

View endpoint filter bookmarks. See Using bookmarks to filter the list of endpoints.

Manage endpoint filter bookmarks

Create, delete, and edit endpoint filter bookmarks. See Using bookmarks to filter the list of endpoints.

View quarantine management

View lists of quarantined and allowlisted files. See Quarantine Management.

Manage quarantine management

Allowlist and restore quarantined files and remove files from the allowlist. See Quarantine Management.

View software inventory

See Software Inventory.

Manage software inventory

See Software Inventory.

Policy permissions

Permission

Link to description

View endpoint policies*

View endpoint policies. See Endpoint Policy.

View endpoint profiles* View endpoint profiles. See Endpoint Profiles.
Manage endpoint profiles* Create, delete, and edit endpoint profiles. See Endpoint Profiles.

View host verification rules

View compliance verification rules. See Compliance Verification Rules.

Manage host verification rules

Create, delete, and edit compliance verification rules. See Compliance Verification Rules.

View gateway lists View gateway lists. Telemetry Gateway Lists.
Manage gateway lists Create, delete, and edit gateway lists. See Telemetry Gateway Lists.

View installers

View installers. Managing installers

Manage installers

Create, delete, and edit installers. See Managing installers.

View CA certificates

View CA certificates. See Profile Components.

Manage CA certificates

Upload, import, and delete CA certificates. See Profile Components.

Setting permissions

Permission

Link to description

View server settings* View Server settings. See Configuring Server settings
Manage server settings* Modify Server settings. See Configuring Server settings.
View FortiGuard settings View FortiGuard settings. See Configuring FortiGuard settings.
Manage FortiGuard settings Modify FortiGuard settings. See Configuring FortiGuard settings.

View endpoint settings

View Endpoints settings. See Configuring Endpoints settings.

Manage endpoint settings

Modify Endpoints settings. See Configuring Endpoints settings.

View login banner settings*

View login banner settings. See Configuring the login banner.

Manage login banner settings*

Modify login banner settings. See Configuring the login banner.

View alert settings*

View Alerts settings. See Alerts.

Manage alert settings*

Modify Alerts settings. See Alerts.

View custom message settings

View endpoint quarantine message settings. See Customizing the endpoint quarantine message.

Manage custom message settings

Modify endpoint quarantine message settings. See Customizing the endpoint quarantine message.

Admin role permissions reference

The following tables list the permissions available when configuring an admin role. The tables also include a description of what the permission allows the user to do and a link to the relevant section in this guide.

Permissions that apply to Chromebook management are denoted with an asterisk (*).

Endpoint permissions

Permission

Link to description

Manage LDAPs Manage connections to LDAP servers to import users from. See User Servers.
Manage Google domains* Manage connections to Google domains to decide which Chromebooks to manage. See Google Domains.
Manage custom groups Create, rename, and edit groups to manage endpoints. See Creating groups.
Run commands on endpoints Perform actions to endpoints on the Endpoints pane, including uploading FortiClient logs, requesting diagnostic results, and so on. See Managing endpoints.

Block/Unblock/Quarantine/Unquarantine/Reregister endpoints

Manage endpoint access to the network through blocking, quarantine, and registration. See Managing endpoints.

Manage and assign endpoint policies

See Endpoint Policy.

View group assignment rules

View group assignment rules. See Group assignment rules.

Manage group assignment rules

Create, delete, and edit group assignment rules. See Group assignment rules.

View endpoint filter bookmarks

View endpoint filter bookmarks. See Using bookmarks to filter the list of endpoints.

Manage endpoint filter bookmarks

Create, delete, and edit endpoint filter bookmarks. See Using bookmarks to filter the list of endpoints.

View quarantine management

View lists of quarantined and allowlisted files. See Quarantine Management.

Manage quarantine management

Allowlist and restore quarantined files and remove files from the allowlist. See Quarantine Management.

View software inventory

See Software Inventory.

Manage software inventory

See Software Inventory.

Policy permissions

Permission

Link to description

View endpoint policies*

View endpoint policies. See Endpoint Policy.

View endpoint profiles* View endpoint profiles. See Endpoint Profiles.
Manage endpoint profiles* Create, delete, and edit endpoint profiles. See Endpoint Profiles.

View host verification rules

View compliance verification rules. See Compliance Verification Rules.

Manage host verification rules

Create, delete, and edit compliance verification rules. See Compliance Verification Rules.

View gateway lists View gateway lists. Telemetry Gateway Lists.
Manage gateway lists Create, delete, and edit gateway lists. See Telemetry Gateway Lists.

View installers

View installers. Managing installers

Manage installers

Create, delete, and edit installers. See Managing installers.

View CA certificates

View CA certificates. See Profile Components.

Manage CA certificates

Upload, import, and delete CA certificates. See Profile Components.

Setting permissions

Permission

Link to description

View server settings* View Server settings. See Configuring Server settings
Manage server settings* Modify Server settings. See Configuring Server settings.
View FortiGuard settings View FortiGuard settings. See Configuring FortiGuard settings.
Manage FortiGuard settings Modify FortiGuard settings. See Configuring FortiGuard settings.

View endpoint settings

View Endpoints settings. See Configuring Endpoints settings.

Manage endpoint settings

Modify Endpoints settings. See Configuring Endpoints settings.

View login banner settings*

View login banner settings. See Configuring the login banner.

Manage login banner settings*

Modify login banner settings. See Configuring the login banner.

View alert settings*

View Alerts settings. See Alerts.

Manage alert settings*

Modify Alerts settings. See Alerts.

View custom message settings

View endpoint quarantine message settings. See Customizing the endpoint quarantine message.

Manage custom message settings

Modify endpoint quarantine message settings. See Customizing the endpoint quarantine message.