Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 26.1.b
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiEndpoint Administration Guide

    Admin role permissions reference

    Admin role permissions reference

    The following tables list the permissions available when configuring an admin role. The tables also include a description of what the permission allows the user to do and a link to the relevant section in this guide.

    Permissions that apply to Chromebook management are denoted with an asterisk (*).

    Endpoint permissions

    Permission

    Link to description
    Manage LDAPs Manage connections to LDAP servers to import users from.
    Manage Google domains* Manage connections to Google domains to decide which Chromebooks to manage. See Google Domains.
    Manage custom groups Create, rename, and edit endpoint groups. See Managing groups.
    Run commands on endpoints Perform actions to endpoints on the Endpoints pane, including uploading FortiClient logs, requesting diagnostic results, and so on. See Managing endpoints.

    Block/Unblock/Quarantine/Unquarantine/Reregister endpoints

    Manage endpoint access to the network through blocking, quarantine, and registration. See Managing endpoints.
    Manage and assign endpoint policies

    See Endpoint Policy & Components.
    View group assignment rules

    View group assignment rules. See Group assignment rules.
    Manage group assignment rules

    Create, delete, and edit group assignment rules. See Group assignment rules.
    View endpoint filter bookmarks

    View endpoint filter bookmarks. See Using bookmarks to filter the list of endpoints.
    Manage endpoint filter bookmarks

    Create, delete, and edit endpoint filter bookmarks. See Using bookmarks to filter the list of endpoints.
    View quarantine management

    View lists of quarantined and allowlisted files. See Quarantine Management.
    Manage quarantine management

    Allowlist and restore quarantined files and remove files from the allowlist. See Quarantine Management.
    View software inventory

    See Software Inventory.
    Manage software inventory

    See Software Inventory.

    Policy permissions

    Permission

    Link to description

    View endpoint policies*

    View endpoint policies. See Endpoint Policy & Components.
    View endpoint profiles* View endpoint profiles. See Endpoint Profiles.
    Manage endpoint profiles* Create, delete, and edit endpoint profiles. See Endpoint Profiles.

    View Security Posture tagging rules

    View security posture tagging rules. See Tags.

    Manage Security Posture tagging rules

    Create, delete, and edit security posture tagging rules. See Tags.
    View Zero Trust telemetry server lists View Telemetry server lists.
    Manage Zero Trust telemetry server lists Create, delete, and edit Telemetry server lists.

    View installers

    View installers. FortiClient Installer.

    Manage installers

    Create, delete, and edit installers. See FortiClient Installer.

    View CA certificates

    View CA certificates. See CA Certificates.

    Manage CA certificates

    Upload, import, and delete CA certificates. See CA Certificates.

    View on-fabric detection rules

    View on-fabric detection rules. See On-fabric Detection Rules.

    Manage on-fabric detection rules

    Create, delete, and edit on-fabric detection rules. See On-fabric Detection Rules.

    Setting permissions

    Permission

    Link to description
    View server settings* View Server settings. See Configuring EMS settings
    Manage server settings* Modify Server settings. See Configuring EMS settings.
    View Fortinet services settings View FortiGuard Services settings. See Configuring FortiGuard Services settings.
    Manage Fortinet services settings Modify FortiGuard Services settings. See Configuring FortiGuard Services settings.

    View endpoint settings

    View Endpoints settings. See Configuring EMS settings.

    Manage endpoint settings

    Modify Endpoints settings. See Configuring EMS settings.

    View login banner settings*

    View login banner settings. See Configuring EMS settings.

    Manage login banner settings*

    Modify login banner settings. See Configuring EMS settings.

    View alert settings*

    View Alerts settings. See Alerts.

    Manage alert settings*

    Modify Alerts settings. See Alerts.

    View custom message settings

    View endpoint quarantine message settings. See Customizing the endpoint quarantine message.

    Manage custom message settings

    Modify endpoint quarantine message settings. See Customizing the endpoint quarantine message.

    View feature select settings

    View feature select settings. See Feature Select.

    Manage feature select settings

    Modify feature select settings. See Feature Select.
    Previous
    Next

    Admin role permissions reference

    Admin role permissions reference

    The following tables list the permissions available when configuring an admin role. The tables also include a description of what the permission allows the user to do and a link to the relevant section in this guide.

    Permissions that apply to Chromebook management are denoted with an asterisk (*).

    Endpoint permissions

    Permission

    Link to description
    Manage LDAPs Manage connections to LDAP servers to import users from.
    Manage Google domains* Manage connections to Google domains to decide which Chromebooks to manage. See Google Domains.
    Manage custom groups Create, rename, and edit endpoint groups. See Managing groups.
    Run commands on endpoints Perform actions to endpoints on the Endpoints pane, including uploading FortiClient logs, requesting diagnostic results, and so on. See Managing endpoints.

    Block/Unblock/Quarantine/Unquarantine/Reregister endpoints

    Manage endpoint access to the network through blocking, quarantine, and registration. See Managing endpoints.
    Manage and assign endpoint policies

    See Endpoint Policy & Components.
    View group assignment rules

    View group assignment rules. See Group assignment rules.
    Manage group assignment rules

    Create, delete, and edit group assignment rules. See Group assignment rules.
    View endpoint filter bookmarks

    View endpoint filter bookmarks. See Using bookmarks to filter the list of endpoints.
    Manage endpoint filter bookmarks

    Create, delete, and edit endpoint filter bookmarks. See Using bookmarks to filter the list of endpoints.
    View quarantine management

    View lists of quarantined and allowlisted files. See Quarantine Management.
    Manage quarantine management

    Allowlist and restore quarantined files and remove files from the allowlist. See Quarantine Management.
    View software inventory

    See Software Inventory.
    Manage software inventory

    See Software Inventory.

    Policy permissions

    Permission

    Link to description

    View endpoint policies*

    View endpoint policies. See Endpoint Policy & Components.
    View endpoint profiles* View endpoint profiles. See Endpoint Profiles.
    Manage endpoint profiles* Create, delete, and edit endpoint profiles. See Endpoint Profiles.

    View Security Posture tagging rules

    View security posture tagging rules. See Tags.

    Manage Security Posture tagging rules

    Create, delete, and edit security posture tagging rules. See Tags.
    View Zero Trust telemetry server lists View Telemetry server lists.
    Manage Zero Trust telemetry server lists Create, delete, and edit Telemetry server lists.

    View installers

    View installers. FortiClient Installer.

    Manage installers

    Create, delete, and edit installers. See FortiClient Installer.

    View CA certificates

    View CA certificates. See CA Certificates.

    Manage CA certificates

    Upload, import, and delete CA certificates. See CA Certificates.

    View on-fabric detection rules

    View on-fabric detection rules. See On-fabric Detection Rules.

    Manage on-fabric detection rules

    Create, delete, and edit on-fabric detection rules. See On-fabric Detection Rules.

    Setting permissions

    Permission

    Link to description
    View server settings* View Server settings. See Configuring EMS settings
    Manage server settings* Modify Server settings. See Configuring EMS settings.
    View Fortinet services settings View FortiGuard Services settings. See Configuring FortiGuard Services settings.
    Manage Fortinet services settings Modify FortiGuard Services settings. See Configuring FortiGuard Services settings.

    View endpoint settings

    View Endpoints settings. See Configuring EMS settings.

    Manage endpoint settings

    Modify Endpoints settings. See Configuring EMS settings.

    View login banner settings*

    View login banner settings. See Configuring EMS settings.

    Manage login banner settings*

    Modify login banner settings. See Configuring EMS settings.

    View alert settings*

    View Alerts settings. See Alerts.

    Manage alert settings*

    Modify Alerts settings. See Alerts.

    View custom message settings

    View endpoint quarantine message settings. See Customizing the endpoint quarantine message.

    Manage custom message settings

    Modify endpoint quarantine message settings. See Customizing the endpoint quarantine message.

    View feature select settings

    View feature select settings. See Feature Select.

    Manage feature select settings

    Modify feature select settings. See Feature Select.
    Previous
    Next