config system accprofile
Description: Configure access profiles for system administrators.
edit <name>
set scope [vdom|global]
set comments {var-string}
set secfabgrp [none|read|...]
set ftviewgrp [none|read|...]
set authgrp [none|read|...]
set sysgrp [none|read|...]
set netgrp [none|read|...]
set loggrp [none|read|...]
set fwgrp [none|read|...]
set vpngrp [none|read|...]
set utmgrp [none|read|...]
set wanoptgrp [none|read|...]
set wifi [none|read|...]
config netgrp-permission
Description: Custom network permission.
set cfg [none|read|...]
set packet-capture [none|read|...]
set route-cfg [none|read|...]
end
config sysgrp-permission
Description: Custom system permission.
set admin [none|read|...]
set upd [none|read|...]
set cfg [none|read|...]
set mnt [none|read|...]
end
config fwgrp-permission
Description: Custom firewall permission.
set policy [none|read|...]
set address [none|read|...]
set service [none|read|...]
set schedule [none|read|...]
end
config loggrp-permission
Description: Custom Log & Report permission.
set config [none|read|...]
set data-access [none|read|...]
set report-access [none|read|...]
set threat-weight [none|read|...]
end
config utmgrp-permission
Description: Custom Security Profile permissions.
set antivirus [none|read|...]
set ips [none|read|...]
set webfilter [none|read|...]
set emailfilter [none|read|...]
set data-loss-prevention [none|read|...]
set file-filter [none|read|...]
set application-control [none|read|...]
set icap [none|read|...]
set voip [none|read|...]
set waf [none|read|...]
set dnsfilter [none|read|...]
set endpoint-control [none|read|...]
end
set admintimeout-override [enable|disable]
set admintimeout {integer}
set system-diagnostics [enable|disable]
next
end
Parameter Name | Description | Type | Size |
---|---|---|---|
scope | Scope of admin access: global or specific VDOM(s). vdom: VDOM access. global: Global access. |
option | - |
comments | Comment. | var-string | Maximum length: 255 |
secfabgrp | Security Fabric. none: No access. read: Read access. read-write: Read/write access. |
option | - |
ftviewgrp | FortiView. none: No access. read: Read access. read-write: Read/write access. |
option | - |
authgrp | Administrator access to Users and Devices. none: No access. read: Read access. read-write: Read/write access. |
option | - |
sysgrp | System Configuration. none: No access. read: Read access. read-write: Read/write access. custom: Customized access. |
option | - |
netgrp | Network Configuration. none: No access. read: Read access. read-write: Read/write access. custom: Customized access. |
option | - |
loggrp | Administrator access to Logging and Reporting including viewing log messages. none: No access. read: Read access. read-write: Read/write access. custom: Customized access. |
option | - |
fwgrp | Administrator access to the Firewall configuration. none: No access. read: Read access. read-write: Read/write access. custom: Customized access. |
option | - |
vpngrp | Administrator access to IPsec, SSL, PPTP, and L2TP VPN. none: No access. read: Read access. read-write: Read/write access. |
option | - |
utmgrp | Administrator access to Security Profiles. none: No access. read: Read access. read-write: Read/write access. custom: Customized access. |
option | - |
wanoptgrp | Administrator access to WAN Opt & Cache. none: No access. read: Read access. read-write: Read/write access. |
option | - |
wifi | Administrator access to the WiFi controller and Switch controller. none: No access. read: Read access. read-write: Read/write access. |
option | - |
admintimeout-override | Enable/disable overriding the global administrator idle timeout. enable: Enable overriding the global administrator idle timeout. disable: Disable overriding the global administrator idle timeout. |
option | - |
admintimeout | Administrator timeout for this access profile (0 - 480 min, default = 10, 0 means never timeout). | integer | Minimum value: 1 Maximum value: 480 |
system-diagnostics | Enable/disable permission to run system diagnostic commands. enable: Enable permission to run system diagnostic commands. disable: Disable permission to run system diagnostic commands. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
cfg | Network Configuration. none: No access. read: Read access. read-write: Read/write access. |
option | - |
packet-capture | Packet Capture Configuration. none: No access. read: Read access. read-write: Read/write access. |
option | - |
route-cfg | Router Configuration. none: No access. read: Read access. read-write: Read/write access. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
admin | Administrator Users. none: No access. read: Read access. read-write: Read/write access. |
option | - |
upd | FortiGuard Updates. none: No access. read: Read access. read-write: Read/write access. |
option | - |
cfg | System Configuration. none: No access. read: Read access. read-write: Read/write access. |
option | - |
mnt | Maintenance. none: No access. read: Read access. read-write: Read/write access. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
policy | Policy Configuration. none: No access. read: Read access. read-write: Read/write access. |
option | - |
address | Address Configuration. none: No access. read: Read access. read-write: Read/write access. |
option | - |
service | Service Configuration. none: No access. read: Read access. read-write: Read/write access. |
option | - |
schedule | Schedule Configuration. none: No access. read: Read access. read-write: Read/write access. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
config | Log & Report configuration. none: No access. read: Read access. read-write: Read/write access. |
option | - |
data-access | Log & Report Data Access. none: No access. read: Read access. read-write: Read/write access. |
option | - |
report-access | Log & Report Report Access. none: No access. read: Read access. read-write: Read/write access. |
option | - |
threat-weight | Log & Report Threat Weight. none: No access. read: Read access. read-write: Read/write access. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
antivirus | Antivirus profiles and settings. none: No access. read: Read access. read-write: Read/write access. |
option | - |
ips | IPS profiles and settings. none: No access. read: Read access. read-write: Read/write access. |
option | - |
webfilter | Web Filter profiles and settings. none: No access. read: Read access. read-write: Read/write access. |
option | - |
emailfilter | AntiSpam filter and settings. none: No access. read: Read access. read-write: Read/write access. |
option | - |
data-loss-prevention | DLP profiles and settings. none: No access. read: Read access. read-write: Read/write access. |
option | - |
file-filter | File-filter profiles and settings. none: No access. read: Read access. read-write: Read/write access. |
option | - |
application-control | Application Control profiles and settings. none: No access. read: Read access. read-write: Read/write access. |
option | - |
icap | ICAP profiles and settings. none: No access. read: Read access. read-write: Read/write access. |
option | - |
voip | VoIP profiles and settings. none: No access. read: Read access. read-write: Read/write access. |
option | - |
waf | Web Application Firewall profiles and settings. none: No access. read: Read access. read-write: Read/write access. |
option | - |
dnsfilter | DNS Filter profiles and settings. none: No access. read: Read access. read-write: Read/write access. |
option | - |
endpoint-control | FortiClient Profiles. none: No access. read: Read access. read-write: Read/write access. |
option | - |
config system accprofile
Description: Configure access profiles for system administrators.
edit <name>
set scope [vdom|global]
set comments {var-string}
set secfabgrp [none|read|...]
set ftviewgrp [none|read|...]
set authgrp [none|read|...]
set sysgrp [none|read|...]
set netgrp [none|read|...]
set loggrp [none|read|...]
set fwgrp [none|read|...]
set vpngrp [none|read|...]
set utmgrp [none|read|...]
set wanoptgrp [none|read|...]
set wifi [none|read|...]
config netgrp-permission
Description: Custom network permission.
set cfg [none|read|...]
set packet-capture [none|read|...]
set route-cfg [none|read|...]
end
config sysgrp-permission
Description: Custom system permission.
set admin [none|read|...]
set upd [none|read|...]
set cfg [none|read|...]
set mnt [none|read|...]
end
config fwgrp-permission
Description: Custom firewall permission.
set policy [none|read|...]
set address [none|read|...]
set service [none|read|...]
set schedule [none|read|...]
end
config loggrp-permission
Description: Custom Log & Report permission.
set config [none|read|...]
set data-access [none|read|...]
set report-access [none|read|...]
set threat-weight [none|read|...]
end
config utmgrp-permission
Description: Custom Security Profile permissions.
set antivirus [none|read|...]
set ips [none|read|...]
set webfilter [none|read|...]
set emailfilter [none|read|...]
set data-loss-prevention [none|read|...]
set file-filter [none|read|...]
set application-control [none|read|...]
set icap [none|read|...]
set voip [none|read|...]
set waf [none|read|...]
set dnsfilter [none|read|...]
set endpoint-control [none|read|...]
end
set admintimeout-override [enable|disable]
set admintimeout {integer}
set system-diagnostics [enable|disable]
next
end
Parameter Name | Description | Type | Size |
---|---|---|---|
scope | Scope of admin access: global or specific VDOM(s). vdom: VDOM access. global: Global access. |
option | - |
comments | Comment. | var-string | Maximum length: 255 |
secfabgrp | Security Fabric. none: No access. read: Read access. read-write: Read/write access. |
option | - |
ftviewgrp | FortiView. none: No access. read: Read access. read-write: Read/write access. |
option | - |
authgrp | Administrator access to Users and Devices. none: No access. read: Read access. read-write: Read/write access. |
option | - |
sysgrp | System Configuration. none: No access. read: Read access. read-write: Read/write access. custom: Customized access. |
option | - |
netgrp | Network Configuration. none: No access. read: Read access. read-write: Read/write access. custom: Customized access. |
option | - |
loggrp | Administrator access to Logging and Reporting including viewing log messages. none: No access. read: Read access. read-write: Read/write access. custom: Customized access. |
option | - |
fwgrp | Administrator access to the Firewall configuration. none: No access. read: Read access. read-write: Read/write access. custom: Customized access. |
option | - |
vpngrp | Administrator access to IPsec, SSL, PPTP, and L2TP VPN. none: No access. read: Read access. read-write: Read/write access. |
option | - |
utmgrp | Administrator access to Security Profiles. none: No access. read: Read access. read-write: Read/write access. custom: Customized access. |
option | - |
wanoptgrp | Administrator access to WAN Opt & Cache. none: No access. read: Read access. read-write: Read/write access. |
option | - |
wifi | Administrator access to the WiFi controller and Switch controller. none: No access. read: Read access. read-write: Read/write access. |
option | - |
admintimeout-override | Enable/disable overriding the global administrator idle timeout. enable: Enable overriding the global administrator idle timeout. disable: Disable overriding the global administrator idle timeout. |
option | - |
admintimeout | Administrator timeout for this access profile (0 - 480 min, default = 10, 0 means never timeout). | integer | Minimum value: 1 Maximum value: 480 |
system-diagnostics | Enable/disable permission to run system diagnostic commands. enable: Enable permission to run system diagnostic commands. disable: Disable permission to run system diagnostic commands. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
cfg | Network Configuration. none: No access. read: Read access. read-write: Read/write access. |
option | - |
packet-capture | Packet Capture Configuration. none: No access. read: Read access. read-write: Read/write access. |
option | - |
route-cfg | Router Configuration. none: No access. read: Read access. read-write: Read/write access. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
admin | Administrator Users. none: No access. read: Read access. read-write: Read/write access. |
option | - |
upd | FortiGuard Updates. none: No access. read: Read access. read-write: Read/write access. |
option | - |
cfg | System Configuration. none: No access. read: Read access. read-write: Read/write access. |
option | - |
mnt | Maintenance. none: No access. read: Read access. read-write: Read/write access. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
policy | Policy Configuration. none: No access. read: Read access. read-write: Read/write access. |
option | - |
address | Address Configuration. none: No access. read: Read access. read-write: Read/write access. |
option | - |
service | Service Configuration. none: No access. read: Read access. read-write: Read/write access. |
option | - |
schedule | Schedule Configuration. none: No access. read: Read access. read-write: Read/write access. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
config | Log & Report configuration. none: No access. read: Read access. read-write: Read/write access. |
option | - |
data-access | Log & Report Data Access. none: No access. read: Read access. read-write: Read/write access. |
option | - |
report-access | Log & Report Report Access. none: No access. read: Read access. read-write: Read/write access. |
option | - |
threat-weight | Log & Report Threat Weight. none: No access. read: Read access. read-write: Read/write access. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
antivirus | Antivirus profiles and settings. none: No access. read: Read access. read-write: Read/write access. |
option | - |
ips | IPS profiles and settings. none: No access. read: Read access. read-write: Read/write access. |
option | - |
webfilter | Web Filter profiles and settings. none: No access. read: Read access. read-write: Read/write access. |
option | - |
emailfilter | AntiSpam filter and settings. none: No access. read: Read access. read-write: Read/write access. |
option | - |
data-loss-prevention | DLP profiles and settings. none: No access. read: Read access. read-write: Read/write access. |
option | - |
file-filter | File-filter profiles and settings. none: No access. read: Read access. read-write: Read/write access. |
option | - |
application-control | Application Control profiles and settings. none: No access. read: Read access. read-write: Read/write access. |
option | - |
icap | ICAP profiles and settings. none: No access. read: Read access. read-write: Read/write access. |
option | - |
voip | VoIP profiles and settings. none: No access. read: Read access. read-write: Read/write access. |
option | - |
waf | Web Application Firewall profiles and settings. none: No access. read: Read access. read-write: Read/write access. |
option | - |
dnsfilter | DNS Filter profiles and settings. none: No access. read: Read access. read-write: Read/write access. |
option | - |
endpoint-control | FortiClient Profiles. none: No access. read: Read access. read-write: Read/write access. |
option | - |