config system accprofile

Configure access profiles for system administrators.

Description: Configure access profiles for system administrators.

edit <name>

set scope [vdom|global]

set comments {var-string}

set secfabgrp [none|read|...]

set ftviewgrp [none|read|...]

set authgrp [none|read|...]

set sysgrp [none|read|...]

set netgrp [none|read|...]

set loggrp [none|read|...]

set fwgrp [none|read|...]

set vpngrp [none|read|...]

set utmgrp [none|read|...]

set wifi [none|read|...]

config netgrp-permission

Description: Custom network permission.

set cfg [none|read|...]

set packet-capture [none|read|...]

set route-cfg [none|read|...]

end

config sysgrp-permission

Description: Custom system permission.

set admin [none|read|...]

set upd [none|read|...]

set cfg [none|read|...]

set mnt [none|read|...]

end

config fwgrp-permission

Description: Custom firewall permission.

set policy [none|read|...]

set address [none|read|...]

set service [none|read|...]

set schedule [none|read|...]

end

config loggrp-permission

Description: Custom Log & Report permission.

set config [none|read|...]

set data-access [none|read|...]

set report-access [none|read|...]

set threat-weight [none|read|...]

end

config utmgrp-permission

Description: Custom Security Profile permissions.

set antivirus [none|read|...]

set ips [none|read|...]

set webfilter [none|read|...]

set emailfilter [none|read|...]

set data-loss-prevention [none|read|...]

set application-control [none|read|...]

set icap [none|read|...]

set voip [none|read|...]

set waf [none|read|...]

set dnsfilter [none|read|...]

set endpoint-control [none|read|...]

end

set admintimeout-override [enable|disable]

set admintimeout {integer}

end

config system accprofile

Parameter

Description

Type

Size

scope

Scope of admin access: global or specific VDOM(s).

option

Option	Description
vdom	VDOM access.
global	Global access.

comments

Comment.

var-string

Maximum length: 255

secfabgrp

Security Fabric.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

ftviewgrp

FortiView.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

authgrp

Administrator access to Users and Devices.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

sysgrp

System Configuration.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.
custom	Customized access.

netgrp

Network Configuration.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.
custom	Customized access.

loggrp

Administrator access to Logging and Reporting including viewing log messages.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.
custom	Customized access.

fwgrp

Administrator access to the Firewall configuration.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.
custom	Customized access.

vpngrp

Administrator access to IPsec, SSL, PPTP, and L2TP VPN.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

utmgrp

Administrator access to Security Profiles.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.
custom	Customized access.

wifi

Administrator access to the WiFi controller and Switch controller.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

admintimeout-override

Enable/disable overriding the global administrator idle timeout.

option

Option	Description
enable	Enable overriding the global administrator idle timeout.
disable	Disable overriding the global administrator idle timeout.

admintimeout

Administrator timeout for this access profile .

integer

Minimum value: 1 Maximum value: 480

config netgrp-permission

Parameter

Description

Type

Size

cfg

Network Configuration.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

packet-capture

Packet Capture Configuration.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

route-cfg

Router Configuration.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

config sysgrp-permission

Parameter

Description

Type

Size

admin

Administrator Users.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

upd

FortiGuard Updates.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

cfg

System Configuration.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

mnt

Maintenance.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

config fwgrp-permission

Parameter

Description

Type

Size

policy

Policy Configuration.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

address

Address Configuration.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

service

Service Configuration.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

schedule

Schedule Configuration.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

config loggrp-permission

Parameter

Description

Type

Size

config

Log & Report configuration.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

data-access

Log & Report Data Access.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

report-access

Log & Report Report Access.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

threat-weight

Log & Report Threat Weight.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

config utmgrp-permission

Parameter

Description

Type

Size

antivirus

Antivirus profiles and settings.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

ips

IPS profiles and settings.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

webfilter

Web Filter profiles and settings.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

emailfilter

AntiSpam filter and settings.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

data-loss-prevention

DLP profiles and settings.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

application-control

Application Control profiles and settings.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

icap

ICAP profiles and settings.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

voip

VoIP profiles and settings.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

waf

Web Application Firewall profiles and settings.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

dnsfilter

DNS Filter profiles and settings.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

endpoint-control

FortiClient Profiles.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

config system accprofile

Configure access profiles for system administrators.

config system accprofile

Description: Configure access profiles for system administrators.

edit <name>

set scope [vdom|global]

set comments {var-string}

set secfabgrp [none|read|...]

set ftviewgrp [none|read|...]

set authgrp [none|read|...]

set sysgrp [none|read|...]

set netgrp [none|read|...]

set loggrp [none|read|...]

set fwgrp [none|read|...]

set vpngrp [none|read|...]

set utmgrp [none|read|...]

set wifi [none|read|...]

config netgrp-permission

Description: Custom network permission.

set cfg [none|read|...]

set packet-capture [none|read|...]

set route-cfg [none|read|...]

end

config sysgrp-permission

Description: Custom system permission.

set admin [none|read|...]

set upd [none|read|...]

set cfg [none|read|...]

set mnt [none|read|...]

end

config fwgrp-permission

Description: Custom firewall permission.

set policy [none|read|...]

set address [none|read|...]

set service [none|read|...]

set schedule [none|read|...]

end

config loggrp-permission

Description: Custom Log & Report permission.

set config [none|read|...]

set data-access [none|read|...]

set report-access [none|read|...]

set threat-weight [none|read|...]

end

config utmgrp-permission

Description: Custom Security Profile permissions.

set antivirus [none|read|...]

set ips [none|read|...]

set webfilter [none|read|...]

set emailfilter [none|read|...]

set data-loss-prevention [none|read|...]

set application-control [none|read|...]

set icap [none|read|...]

set voip [none|read|...]

set waf [none|read|...]

set dnsfilter [none|read|...]

set endpoint-control [none|read|...]

end

set admintimeout-override [enable|disable]

set admintimeout {integer}

end

config system accprofile

Parameter

Description

Type

Size

scope

Scope of admin access: global or specific VDOM(s).

option

Option	Description
vdom	VDOM access.
global	Global access.

comments

Comment.

var-string

Maximum length: 255

secfabgrp

Security Fabric.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

ftviewgrp

FortiView.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

authgrp

Administrator access to Users and Devices.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

sysgrp

System Configuration.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.
custom	Customized access.

netgrp

Network Configuration.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.
custom	Customized access.

loggrp

Administrator access to Logging and Reporting including viewing log messages.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.
custom	Customized access.

fwgrp

Administrator access to the Firewall configuration.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.
custom	Customized access.

vpngrp

Administrator access to IPsec, SSL, PPTP, and L2TP VPN.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

utmgrp

Administrator access to Security Profiles.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.
custom	Customized access.

wifi

Administrator access to the WiFi controller and Switch controller.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

admintimeout-override

Enable/disable overriding the global administrator idle timeout.

option

Option	Description
enable	Enable overriding the global administrator idle timeout.
disable	Disable overriding the global administrator idle timeout.

admintimeout

Administrator timeout for this access profile .

integer

Minimum value: 1 Maximum value: 480

config netgrp-permission

Parameter

Description

Type

Size

cfg

Network Configuration.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

packet-capture

Packet Capture Configuration.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

route-cfg

Router Configuration.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

config sysgrp-permission

Parameter

Description

Type

Size

admin

Administrator Users.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

upd

FortiGuard Updates.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

cfg

System Configuration.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

mnt

Maintenance.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

config fwgrp-permission

Parameter

Description

Type

Size

policy

Policy Configuration.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

address

Address Configuration.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

service

Service Configuration.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

schedule

Schedule Configuration.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

config loggrp-permission

Parameter

Description

Type

Size

config

Log & Report configuration.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

data-access

Log & Report Data Access.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

report-access

Log & Report Report Access.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

threat-weight

Log & Report Threat Weight.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

config utmgrp-permission

Parameter

Description

Type

Size

antivirus

Antivirus profiles and settings.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

ips

IPS profiles and settings.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

webfilter

Web Filter profiles and settings.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

emailfilter

AntiSpam filter and settings.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

data-loss-prevention

DLP profiles and settings.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

application-control

Application Control profiles and settings.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

icap

ICAP profiles and settings.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

voip

VoIP profiles and settings.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

waf

Web Application Firewall profiles and settings.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

dnsfilter

DNS Filter profiles and settings.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

endpoint-control

FortiClient Profiles.

option

Option	Description
none	No access.
read	Read access.
read-write	Read/write access.

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

CLI Reference

config system accprofile

config system accprofile

config system accprofile

config netgrp-permission

config sysgrp-permission

config fwgrp-permission

config loggrp-permission

config utmgrp-permission

config system accprofile

config system accprofile

config system accprofile

config netgrp-permission

config sysgrp-permission