Fortinet white logo
Fortinet white logo

Administration Guide

Administrator profiles

Administrator profiles

Administrator profiles are used to control administrator access privileges to devices or system features. Profiles are assigned to administrator accounts when an administrator is created. The profile controls access to both the FortiManager GUI and CLI.

There are the following predefined system profiles:

Restricted_User

Restricted user profiles have no system privileges enabled, and have read‑only access for all device privileges.

Standard_User

Standard user profiles have no system privileges enabled, and have read/write access for all device privileges.

Super_User

Super user profiles have all system and device privileges enabled. It cannot be edited.

Package_User

Package user profile have read/write policy and objects privileges enabled, and have read-only access for system and other privileges.

No_Permission_User

No permission user profiles have no system or device privileges enabled.

Password_Change_User

Password change user profiles can only change passwords using the CLI or API and have no access to the FortiManager GUI or other features.

These profiles cannot be deleted, but standard and restricted profiles can be edited. New profiles can also be created as required. Only super user administrators can manage administrator profiles. Package user administrators can view the profile list.

Go to System Settings > Admin Profiles to view and manage administrator profiles.

The following options are available:

Create New

Create a new administrator profile. See Creating administrator profiles.

Edit

Edit the selected profile. See Editing administrator profiles.

Clone

Clone the selected profile. See Cloning administrator profiles.

Delete

Delete the selected profile or profiles. See Deleting administrator profiles.

Search

Search the administrator profiles list.

The following information is shown:

Name

The name the administrator uses to log in.

Type

The profile type: System Admin, Restricted Admin, or ADOM Scoped Admin.

Description

A description of the system and device access permissions allowed for the selected profile.

Administrator profiles

Administrator profiles

Administrator profiles are used to control administrator access privileges to devices or system features. Profiles are assigned to administrator accounts when an administrator is created. The profile controls access to both the FortiManager GUI and CLI.

There are the following predefined system profiles:

Restricted_User

Restricted user profiles have no system privileges enabled, and have read‑only access for all device privileges.

Standard_User

Standard user profiles have no system privileges enabled, and have read/write access for all device privileges.

Super_User

Super user profiles have all system and device privileges enabled. It cannot be edited.

Package_User

Package user profile have read/write policy and objects privileges enabled, and have read-only access for system and other privileges.

No_Permission_User

No permission user profiles have no system or device privileges enabled.

Password_Change_User

Password change user profiles can only change passwords using the CLI or API and have no access to the FortiManager GUI or other features.

These profiles cannot be deleted, but standard and restricted profiles can be edited. New profiles can also be created as required. Only super user administrators can manage administrator profiles. Package user administrators can view the profile list.

Go to System Settings > Admin Profiles to view and manage administrator profiles.

The following options are available:

Create New

Create a new administrator profile. See Creating administrator profiles.

Edit

Edit the selected profile. See Editing administrator profiles.

Clone

Clone the selected profile. See Cloning administrator profiles.

Delete

Delete the selected profile or profiles. See Deleting administrator profiles.

Search

Search the administrator profiles list.

The following information is shown:

Name

The name the administrator uses to log in.

Type

The profile type: System Admin, Restricted Admin, or ADOM Scoped Admin.

Description

A description of the system and device access permissions allowed for the selected profile.