Admin roles
You can use admin roles to define the permissions each administrator account has in FortiClient EMS. You can use one of the four default admin roles in FortiClient EMS (super administrator, standard administrator, endpoint administrator, restricted administrator) or create a new admin role to assign to an administrator account. Each admin role can include permissions from three categories: endpoint permissions, policy permissions, and settings permissions.
The following describes the four default admin roles in FortiClient EMS. You cannot edit or delete these admin roles.
Name |
Description |
---|---|
Super administrator |
Most privileged admin role. Complete access to all FortiClient EMS permissions, including modification, user permissions, approval, discovery, and deployment. Only built-in role that has access to the Administration section of the GUI. Has access to all configured Windows and LDAP servers and users and has the authority to configure user privileges and permissions. The default admin account is a Super Administrator. You cannot assign another admin role to the admin account. |
Standard administrator |
Includes all endpoint and policy permissions, and read-only permissions to settings permissions. |
Endpoint administrator |
Includes all endpoint permissions and read-only permissions to policy and settings permissions. |
Read-only administrator |
Includes read-only permissions to endpoint, policy, and settings permissions. |
Restricted administrator |
No permissions enabled. |
For admin roles that are not authorized for certain tasks or devices, EMS hides or disables the related menu items, items in content pages, and buttons.