config system accprofile

Use this command to configure access profiles. An access profile governs which areas of the web-based manager and CLI administrators can access, and whether they have permission to change the configuration or other items in each area.

Caution

Everyone is treated as an administrator. Set up non-administrators with a custom non-administrator accprofile.

Admin Profiles in the GUI is the same object as accprofile in the CLI. Only administrators with the default SuperAdminProfile can modify Admin Profiles and accprofile, and only they can reboot or shut down the system.

Syntax

config system accprofile
    edit <profile_name>
        set system-access {none | read | read-write}  
        set system-config {none | read | read-write}
        set system-maintenance {none | read | read-write}
        set system-status {none | read | read-write}
    end

Variables

<profile_name>
Name of the access profile.

system-access {none | read | read-write}
Specify the account permission associated with this access profile. The read-write permission gives access to settings critical to FortiNDR network accessibility, including GUI console, network, administrator, admin profiles, certificates, and RADIUS/LDAP authentication.
Default: none

system-config {none | read | read-write}
Specify the account permission associated with this access profile. The read-write permission gives access to modify other system settings such as system time settings, system FortiGuard update, and Security Fabric settings.
Default: none

system-maintenance {none | read | read-write}
Specify the account permission associated with this access profile. The read-write permission gives access to system maintenance settings such as back up system configuration, restore configuration, and restore firmware.
Default: none

system-status {none | read | read-write}
Specify the account permission associated with this access profile. The read-write permission gives access to the system to check its status.
Users with this permission set to none cannot log into the system. The default is none in the GUI.
Default: none
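
An added example (not Fortinet code) that audits access profiles written in the syntax above: it parses config system accprofile blocks, applies the documented default of none to unset fields, and flags the settings the field descriptions call out. The profile names, the sample input and the choice of what to flag are assumptions made for illustration.

```python
# Fields from the table above; each defaults to "none" when not set.
FIELDS = ("system-access", "system-config", "system-maintenance", "system-status")
LEVELS = ("none", "read", "read-write")

# Settings to flag, with the reason taken from the field descriptions above.
FLAGGED = (
    ("system-status", "none", "accounts cannot log in"),
    ("system-access", "read-write", "can change network, administrator and RADIUS/LDAP settings"),
    ("system-maintenance", "read-write", "can restore configuration and firmware"),
)

# Constructed sample input; profile names are hypothetical.
SAMPLE = """\
config system accprofile
    edit soc-readonly
        set system-status read
        set system-config read
    end
config system accprofile
    edit helpdesk
        set system-access read-write
        set system-maintenance read-write
    end
"""

def parse_accprofiles(text):
    """Parse accprofile blocks into {profile_name: {field: level}}."""
    profiles, current, inside = {}, None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "config system accprofile":
            inside = True
        elif not inside or not line:
            continue
        elif line.startswith("edit "):
            current = profiles[line[5:].strip().strip('"')] = dict.fromkeys(FIELDS, "none")
        elif line == "end":
            current, inside = None, False
        elif line.startswith("set ") and current is not None:
            parts = line.split()
            if len(parts) != 3 or parts[1] not in FIELDS or parts[2] not in LEVELS:
                raise ValueError(f"unexpected setting: {line!r}")
            current[parts[1]] = parts[2]
    return profiles

def audit(profiles):
    """Return {profile_name: [findings]} for profiles that match FLAGGED."""
    return {name: hits for name, perms in profiles.items()
            if (hits := [f"{f} {v}: {why}" for f, v, why in FLAGGED if perms[f] == v])}
```

Calling audit(parse_accprofiles(SAMPLE)) reports only the helpdesk profile: it grants read-write on system-access and system-maintenance but leaves system-status at its default, so accounts using it could not log in.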
