Admin roles
You can use admin roles to define the permissions each administrator account has in FortiClient EMS. You can use a default admin role in FortiClient EMS or create a new admin role to assign to an administrator account. Each admin role can include permissions from the following categories: endpoint, policy, and settings.
The following describes the default admin roles in FortiClient EMS. You cannot edit or delete these admin roles:
Name |
Description |
---|---|
Super administrator |
Most privileged admin role. Complete access to all FortiClient EMS permissions, including modification, user permissions, approval, discovery, and deployment. Only built-in role that has access to the Administration section of the GUI. Has access to all configured Windows and LDAP servers and users and authority to configure user privileges and permissions. The default admin account is a super administrator. You cannot assign another admin role to the admin account. |
Standard administrator |
Includes all endpoint and policy permissions and read-only permissions to settings permissions. |
Endpoint administrator |
Includes all endpoint permissions and read-only permissions to policy and settings permissions. |
Read-only administrator |
Includes read-only permissions to endpoint, policy, and settings permissions. |
Restricted administrator |
No permissions enabled. |
For admin roles that are unauthorized for certain tasks or devices, EMS hides or disables the related menu items, items in content pages, and buttons.