system accprofile
Use this command to add access profiles that control administrator access to FortiGate features. Each FortiGate administrator account must include an access profile. You can create access profiles that deny access, allow read only, or allow both read and write access to FortiGate features. You cannot delete or modify the super_admin
access profile, but you can use it with more than one administrator account.
History
The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.
Command | Description |
---|---|
set secfabgrp {none | read | read-write} set ftviewgrp {none | read | read-write} |
New read or read-write privileges for Security Fabric and FortiView. |
set netgrp {custom | ...} config netgrp-permission set cfg {none | read | read-write} set packet-capture {none | read | read-write} set route-cfg {none | read | read-write}
set sysgrp {custom | ...} config sysgrp-permission set admin {none | read | read-write} set upd {none | read | read-write} set cfg {none | read | read-write} set mnt {none | read | read-write}
config utmgrp-permission set endpoint-control {none | read | read-write} |
Assign read or read-write privileges for network and system permissions and for FortiClient Profiles. |