Fortinet black logo

Administration Guide

Permissions

Permissions

The below table lists the default permissions for the predefined administrator profiles.

When Read-Write is selected, the user can view and make changes to the FortiManager system. When Read-Only is selected, the user can only view information. When None is selected, the user can neither view or make changes to the FortiManager system.

Setting

Predefined Administrator Profile

Super User

Standard User

Restricted User

Package User

System Settings

system-setting

Read-Write

None

None

Read-Only

Administrative Domain

adom-switch

Read-Write

Read-Write

None

Read-Write

FortiGuard Center

fgd_center

Read-Write

None

None

Read-Only

License Management

fgd-center-licensing

Read-Write

None

None

Read-Only

Firmware Management

fgd-center-fmw-mgmt

Read-Write

None

None

Read-Only

Advanced

fgd-center-advanced

Read-Write

None

None

Read-Only

Device Manager

device-manager

Read-Write

Read-Write

Read-Only

Read-Write

Add/Delete/Edit Devices/Groups

device-op

Read-Write

Read-Write

None

Read-Write

Retrieve Configuration from Devices

config-retrieve

Read-Write

Read-Write

Read-Only

Read-Only

Revert Configuration from Revision History

config-revert

Read-Write

Read-Write

Read-Only

Read-Only

Delete Device Revision

device-revision-deletion

Read-Write

Read-Write

Read-Only

Read-Write

Terminal Access

term-access

Read-Write

Read-Write

Read-Only

Read-Only

Manage Device Configurations

device-config

Read-Write

Read-Write

Read-Only

Read-Write

Provisioning Templates

device-profile

Read-Write

Read-Write

Read-Only

Read-Write

SD-WAN

device-wan-link-load-balance

Read-Write

Read-Write

Read-Only

Read-Write

Policy & Objects

policy-objects

Read-Write

Read-Write

Read-Only

Read-Write

Global Policy Packages & Objects

global-policy-packages

Read-Write

Read-Write

None

Read-Write

Assignment

assignment

Read-Write

None

None

Read-Only

Policy Packages & Objects

adom-policy-packages

Read-Write

Read-Write

Read-Only

Read-Write

Policy Check

consistency-check

Read-Write

Read-Write

Read-Only

Read-Only

Edit Installation Targets

set-install-targets

Read-Write

Read-Write

Read-Only

Read-Write

Lock/Unlock ADOM

adom-lock

Read-Write

Read-Write

Read-Only

Read-Write

Lock/Unlock Device/Policy Package

device-policy-package-lock

Read-Write

Read-Write

Read-Only

Read-Write

Install Policy Package or Device Configuration

deploy-management

Read-Write

Read-Write

Read-Only

Read-Write

Import Policy Package

import-policy-packages

Read-Write

Read-Write

Read-Only

Read-Write

Interface Mapping

intf-mapping

Read-Write

Read-Write

Read-Only

Read-Write

AP Manager

device-ap

Read-Write

Read-Write

Read-Only

Read-Write

FortiClient Manager

device-forticlient

Read-Write

Read-Write

Read-Only

Read-Write

FortiSwitch Manager

device-fortiswitch

Read-Write

Read-Write

Read-Only

Read-Write

VPN Manager

vpn-manager

Read-Write

Read-Write

Read-Only

Read-Write

FortiView

log-viewer

Read-Write

Read-Write

Read-Only

Read-Only

Log View/FortiView

log-viewer

Read-Write

Read-Write

Read-Only

Read-Only

Incidents & Events

event-management

Read-Write

Read-Write

Read-Only

Read-Only

Reports

report-viewer

Read-Write

Read-Write

Read-Only

Read-Only

CLI only settings

realtime-monitor

Read-Write

Read-Write

Read-Only

Read

read-passwd

Read-Write

None

None

Read-Only

The FortiView setting is only available when FortiAnalyzer features are disabled. The Log View/FortiView, Incidents & Events, and Reports settings are only available when FortiAnalyzer features are enabled. See FortiAnalyzer Features.

Permissions

The below table lists the default permissions for the predefined administrator profiles.

When Read-Write is selected, the user can view and make changes to the FortiManager system. When Read-Only is selected, the user can only view information. When None is selected, the user can neither view or make changes to the FortiManager system.

Setting

Predefined Administrator Profile

Super User

Standard User

Restricted User

Package User

System Settings

system-setting

Read-Write

None

None

Read-Only

Administrative Domain

adom-switch

Read-Write

Read-Write

None

Read-Write

FortiGuard Center

fgd_center

Read-Write

None

None

Read-Only

License Management

fgd-center-licensing

Read-Write

None

None

Read-Only

Firmware Management

fgd-center-fmw-mgmt

Read-Write

None

None

Read-Only

Advanced

fgd-center-advanced

Read-Write

None

None

Read-Only

Device Manager

device-manager

Read-Write

Read-Write

Read-Only

Read-Write

Add/Delete/Edit Devices/Groups

device-op

Read-Write

Read-Write

None

Read-Write

Retrieve Configuration from Devices

config-retrieve

Read-Write

Read-Write

Read-Only

Read-Only

Revert Configuration from Revision History

config-revert

Read-Write

Read-Write

Read-Only

Read-Only

Delete Device Revision

device-revision-deletion

Read-Write

Read-Write

Read-Only

Read-Write

Terminal Access

term-access

Read-Write

Read-Write

Read-Only

Read-Only

Manage Device Configurations

device-config

Read-Write

Read-Write

Read-Only

Read-Write

Provisioning Templates

device-profile

Read-Write

Read-Write

Read-Only

Read-Write

SD-WAN

device-wan-link-load-balance

Read-Write

Read-Write

Read-Only

Read-Write

Policy & Objects

policy-objects

Read-Write

Read-Write

Read-Only

Read-Write

Global Policy Packages & Objects

global-policy-packages

Read-Write

Read-Write

None

Read-Write

Assignment

assignment

Read-Write

None

None

Read-Only

Policy Packages & Objects

adom-policy-packages

Read-Write

Read-Write

Read-Only

Read-Write

Policy Check

consistency-check

Read-Write

Read-Write

Read-Only

Read-Only

Edit Installation Targets

set-install-targets

Read-Write

Read-Write

Read-Only

Read-Write

Lock/Unlock ADOM

adom-lock

Read-Write

Read-Write

Read-Only

Read-Write

Lock/Unlock Device/Policy Package

device-policy-package-lock

Read-Write

Read-Write

Read-Only

Read-Write

Install Policy Package or Device Configuration

deploy-management

Read-Write

Read-Write

Read-Only

Read-Write

Import Policy Package

import-policy-packages

Read-Write

Read-Write

Read-Only

Read-Write

Interface Mapping

intf-mapping

Read-Write

Read-Write

Read-Only

Read-Write

AP Manager

device-ap

Read-Write

Read-Write

Read-Only

Read-Write

FortiClient Manager

device-forticlient

Read-Write

Read-Write

Read-Only

Read-Write

FortiSwitch Manager

device-fortiswitch

Read-Write

Read-Write

Read-Only

Read-Write

VPN Manager

vpn-manager

Read-Write

Read-Write

Read-Only

Read-Write

FortiView

log-viewer

Read-Write

Read-Write

Read-Only

Read-Only

Log View/FortiView

log-viewer

Read-Write

Read-Write

Read-Only

Read-Only

Incidents & Events

event-management

Read-Write

Read-Write

Read-Only

Read-Only

Reports

report-viewer

Read-Write

Read-Write

Read-Only

Read-Only

CLI only settings

realtime-monitor

Read-Write

Read-Write

Read-Only

Read

read-passwd

Read-Write

None

None

Read-Only

The FortiView setting is only available when FortiAnalyzer features are disabled. The Log View/FortiView, Incidents & Events, and Reports settings are only available when FortiAnalyzer features are enabled. See FortiAnalyzer Features.