config system accprofile
Configure access profiles for system administrators.
config system accprofile
Description: Configure access profiles for system administrators.
edit <name>
set scope [vdom|global]
set comments {var-string}
set mntgrp [none|read|...]
set admingrp [none|read|...]
set updategrp [none|read|...]
set authgrp [none|read|...]
set sysgrp [none|read|...]
set netgrp [none|read|...]
set loggrp [none|read|...]
set routegrp [none|read|...]
set fwgrp [none|read|...]
set certgrp [none|read|...]
set utmgrp [none|read|...]
set wanoptgrp [none|read|...]
config fwgrp-permission
Description: Custom firewall permission.
set policy [none|read|...]
set address [none|read|...]
set service [none|read|...]
set schedule [none|read|...]
set packet-capture [none|read|...]
set others [none|read|...]
end
config loggrp-permission
Description: Custom Log & Report permission.
set config [none|read|...]
set data-access [none|read|...]
set report-access [none|read|...]
set threat-weight [none|read|...]
end
config utmgrp-permission
Description: Custom Security Profile permissions.
set antivirus [none|read|...]
set ips [none|read|...]
set webfilter [none|read|...]
set spamfilter [none|read|...]
set data-loss-prevention [none|read|...]
set application-control [none|read|...]
set icap [none|read|...]
set voip [none|read|...]
set dnsfilter [none|read|...]
end
set admintimeout-override [enable|disable]
set admintimeout {integer}
next
end
config system accprofile
|
Parameter |
Description |
Type |
Size |
|||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
name |
Profile name. |
string |
Maximum length: 35 |
|||||||||||
|
scope |
Scope of admin access: global or specific VDOM(s). |
option |
- |
|||||||||||
|
|
|
|||||||||||||
|
comments |
Comment. |
var-string |
Maximum length: 255 |
|||||||||||
|
mntgrp |
Administrator access to maintenance commands including reset to factory defaults, format log disk, reboot, restore, and shutdown. |
option |
- |
|||||||||||
|
|
|
|||||||||||||
|
admingrp |
Administrator access to add, remove, and edit admin accounts and access profiles. |
option |
- |
|||||||||||
|
|
|
|||||||||||||
|
updategrp |
Administrator access to the FortiGuard configuration and requesting FortiGuard updates. |
option |
- |
|||||||||||
|
|
|
|||||||||||||
|
authgrp |
Administrator access to Users and Devices. |
option |
- |
|||||||||||
|
|
|
|||||||||||||
|
sysgrp |
Administrator access to System administration settings. |
option |
- |
|||||||||||
|
|
|
|||||||||||||
|
netgrp |
Administrator access to Networking settings. |
option |
- |
|||||||||||
|
|
|
|||||||||||||
|
loggrp |
Administrator access to Logging and Reporting including viewing log messages. |
option |
- |
|||||||||||
|
|
|
|||||||||||||
|
routegrp |
Administrator access to the Routing configuration. |
option |
- |
|||||||||||
|
|
|
|||||||||||||
|
fwgrp |
Administrator access to the Firewall configuration. |
option |
- |
|||||||||||
|
|
|
|||||||||||||
|
certgrp |
Administrator access to the Certificate Configuration. |
option |
- |
|||||||||||
|
|
|
|||||||||||||
|
utmgrp |
Administrator access to Security Profiles. |
option |
- |
|||||||||||
|
|
|
|||||||||||||
|
wanoptgrp |
Administrator access to WAN Opt & Cache. |
option |
- |
|||||||||||
|
|
|
|||||||||||||
|
admintimeout-override |
Enable/disable overriding the global administrator idle timeout. |
option |
- |
|||||||||||
|
|
|
|||||||||||||
|
admintimeout |
Administrator timeout for this access profile. |
integer |
Minimum value: 1 Maximum value: 480 |
|||||||||||
config fwgrp-permission
|
Parameter |
Description |
Type |
Size |
|||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
policy |
Policy Configuration. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
address |
Address Configuration. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
service |
Service Configuration. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
schedule |
Schedule Configuration. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
packet-capture |
Packet Capture configuration. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
others |
Other firewall configuration. |
option |
- |
|||||||||
|
|
|
|||||||||||
config loggrp-permission
|
Parameter |
Description |
Type |
Size |
|||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
config |
Log & Report configuration. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
data-access |
Log & Report Data Access. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
report-access |
Log & Report Report Access. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
threat-weight |
Log & Report Threat Weight. |
option |
- |
|||||||||
|
|
|
|||||||||||
config utmgrp-permission
|
Parameter |
Description |
Type |
Size |
|||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
antivirus |
Antivirus profiles and settings. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
ips |
IPS profiles and settings. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
webfilter |
Web Filter profiles and settings. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
spamfilter |
AntiSpam filter and settings. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
data-loss-prevention |
DLP profiles and settings. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
application-control |
Application Control profiles and settings. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
icap |
ICAP profiles and settings. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
voip |
VoIP profiles and settings. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
dnsfilter |
DNS Filter profiles and settings. |
option |
- |
|||||||||
|
|
|
|||||||||||