Fortinet black logo

EMS Administration Guide

Admin roles

Admin roles

You can use admin roles to define the permissions that each administrator account has in FortiClient EMS. You can use a default admin role in FortiClient EMS or create a new admin role to assign to an administrator account. Each admin role can include permissions from the following categories:

  • Endpoint permissions
  • Policy permissions
  • Settings permissions

The following describes the default admin roles in FortiClient EMS. You cannot edit or delete these admin roles:

Name

Description

Super administrator

Most privileged admin role. Complete access to all FortiClient EMS permissions, including modification, user permissions, approval, discovery, and deployment. Only built-in role that has access to the Administration section of the GUI. Has access to all configured Windows and LDAP servers and users and has the authority to configure user privileges and permissions.

The default admin account is a super administrator. You cannot assign another admin role to the admin account.

Standard administrator

Includes all endpoint and policy permissions, and read-only permissions to settings permissions.

Endpoint administrator

Includes all endpoint permissions and read-only permissions to policy and settings permissions.

Read-only administrator

Includes read-only permissions to endpoint, policy, and settings permissions.

Restricted administrator

No permissions enabled.

For admin roles that are not authorized for certain tasks or devices, EMS hides or disables the related menu items, items in content pages, and buttons.

Admin roles

You can use admin roles to define the permissions that each administrator account has in FortiClient EMS. You can use a default admin role in FortiClient EMS or create a new admin role to assign to an administrator account. Each admin role can include permissions from the following categories:

  • Endpoint permissions
  • Policy permissions
  • Settings permissions

The following describes the default admin roles in FortiClient EMS. You cannot edit or delete these admin roles:

Name

Description

Super administrator

Most privileged admin role. Complete access to all FortiClient EMS permissions, including modification, user permissions, approval, discovery, and deployment. Only built-in role that has access to the Administration section of the GUI. Has access to all configured Windows and LDAP servers and users and has the authority to configure user privileges and permissions.

The default admin account is a super administrator. You cannot assign another admin role to the admin account.

Standard administrator

Includes all endpoint and policy permissions, and read-only permissions to settings permissions.

Endpoint administrator

Includes all endpoint permissions and read-only permissions to policy and settings permissions.

Read-only administrator

Includes read-only permissions to endpoint, policy, and settings permissions.

Restricted administrator

No permissions enabled.

For admin roles that are not authorized for certain tasks or devices, EMS hides or disables the related menu items, items in content pages, and buttons.