Fortinet black logo

Administration Guide

Home FortiSandbox 4.2.3 Administration Guide
4.2.3
4.4.5
4.4.4
4.4.3
4.4.2
4.4.1
4.4.0
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2.0
4.0.5
4.0.4
4.0.3
4.0.2
4.0.1
4.0.0
3.2.4
3.2.3
3.2.2
3.2.1
3.2.0
3.1.5
3.1.4
3.1.3
3.1.2
3.1.1
3.1.0
3.0.7
3.0.6

Admin Profiles

Admin Profiles

Administrator profiles are used to control administrator access privileges to system features. Profiles are assigned to administrator accounts when an administrator is created.

There are three predefined administrator profiles, which cannot be modified or deleted:

  • Super Admin: All functionalities are accessible.
  • Read Only: Can view certain pages but cannot change any system setting.
  • Device: Can view certain pages about assigned devices, but cannot change any system setting.

All previous created users in earlier builds are mapped to these three default profiles.

Only the Super Admin user can create, edit, and delete administrator profiles and new users if the user is assigned Read Write privilege in System > Admin.

Read Write

User can view and make changes to the system.

Read Only

User can only view information.

None

User cannot view or make changes to the system.

Menu Access

Description
Dashboard Status

Grant access to Dashboard > Status.

Scan Performance

Grant access to Dashboard > Scan Performance. See Scan Performance (dashboard).
Operation Center

Grant access to Dashboard > Operation Center. See Operation Center
Threats Analysis

Grant access to Dashboard > Threats by Topology, Threats by Hosts, Threats by Files, Threats by Device.
Security Fabric

Grant access to Security Fabric > Device, FortiClient, Adapter, Network Share, Quarantine, Sniffer, FortiNDR. See Security Fabric.
Scan Job Job Queue

Grant access to Scan Job > Job Queue. See Job Queue.
VM Jobs

Grant access to Scan Job > VM Jobs. See VM Jobs.
Scan Searches

Grant access to Scan Job > File Job Search, URL Job Search. See File Job Search and URL Job Search.
Overridden Verdicts

Grant access to Scan Job > Overridden Verdicts. See Overridden Verdicts.
On Demand

Grant access to Scan Job > File On-Demand, URL On-Demand. See File On-Demand andURL On-Demand.

Scan Policy and Object Scan Configurations

Grant access to Scan Policy and Object > Scan Profile, General Settings, Job Priority, Job Archive, Allowlist/Blocklist, Web Category, Customized Rating, Yara Rules, Threat Intelligence, Global Network. See Scan Policy and Object.
VM Settings

Grant access to Scan Policy and Object > VM Settings. See VM Settings
Packages

Grant access to Scan Policy and Object > Malware Package, URL Package, TCP RST Package. See Malware Package, URL Package, and TCP RST package.
System Admin

Grant access to System > Administrator, Admin Profile, Device Group, LDAP Servers, RADIUS servers, Certificates . See Administrators and Admin Profiles.
Network

Grant access to System > Interfaces, DNS, Static Route.
Maintenance

Grant access to System > Mail Servers, FortiGuard, Login Disclaimer, SNMP, System Recovery, Settings.
Event Calendar

Grant access to System > Event Calendar, Event Calendar Settings.

See Event Calendar
Job View Settings

Grant access to System > Job View Settings. See Job View Settings.
HA Cluster

Grant access to the HA-Cluster settings. See HA-Cluster.
Logs & Reports Log Events

Grant access to Log & Report > Events > All Events, System Events, VM Events, Job Events, Notification Events. See Log Categories
Summary Report

Grant access to Log & Report > Summary Report. See Summary Reports.
Report Center

Grant access to Log & Report > Report Center. See Report Center.
Customize Report

Grant access to Log & Report > Customize Report. See Customize Report.
File Statistic/Scan

Grant access to Log & Report > File Statistics, File Scan. See File Statistics and File Scan.
Network Alerts

Grant access to Log & Report > Network Alerts. See Network Alerts.
URL Statistic/Scan

Grant access to Log & Report > URL Statistic, URL Scan. See URL Scan.
Log Servers

Grant access to Log & Report > Log Servers. See Log Servers.
Log Settings

Grant access to Log & Report > Log Settings. See Local Log
Control Access

Click to Disable or Enable all the Control Access settings.
Mark FPN

Allow the profile to override a false positive or negative.

Download Original File

Enable to download the original file from the Job Detail page. See FortiGuard.
JSON API

Grant the profile JSON API privileges.

Allow On-Demand Scan Interaction

Enable to use VM interaction during the On-Demand scan or take scan snapshots in the VM Status page.
Allow On-Demand Scan Video Recording

Allow the profile to take a video during the On-Demand scan and watch it later in the On-Demand page.
Previous
Next

Admin Profiles

Administrator profiles are used to control administrator access privileges to system features. Profiles are assigned to administrator accounts when an administrator is created.

There are three predefined administrator profiles, which cannot be modified or deleted:

  • Super Admin: All functionalities are accessible.
  • Read Only: Can view certain pages but cannot change any system setting.
  • Device: Can view certain pages about assigned devices, but cannot change any system setting.

All previous created users in earlier builds are mapped to these three default profiles.

Only the Super Admin user can create, edit, and delete administrator profiles and new users if the user is assigned Read Write privilege in System > Admin.

Read Write

User can view and make changes to the system.

Read Only

User can only view information.

None

User cannot view or make changes to the system.

Menu Access

Description
Dashboard Status

Grant access to Dashboard > Status.

Scan Performance

Grant access to Dashboard > Scan Performance. See Scan Performance (dashboard).
Operation Center

Grant access to Dashboard > Operation Center. See Operation Center
Threats Analysis

Grant access to Dashboard > Threats by Topology, Threats by Hosts, Threats by Files, Threats by Device.
Security Fabric

Grant access to Security Fabric > Device, FortiClient, Adapter, Network Share, Quarantine, Sniffer, FortiNDR. See Security Fabric.
Scan Job Job Queue

Grant access to Scan Job > Job Queue. See Job Queue.
VM Jobs

Grant access to Scan Job > VM Jobs. See VM Jobs.
Scan Searches

Grant access to Scan Job > File Job Search, URL Job Search. See File Job Search and URL Job Search.
Overridden Verdicts

Grant access to Scan Job > Overridden Verdicts. See Overridden Verdicts.
On Demand

Grant access to Scan Job > File On-Demand, URL On-Demand. See File On-Demand andURL On-Demand.

Scan Policy and Object Scan Configurations

Grant access to Scan Policy and Object > Scan Profile, General Settings, Job Priority, Job Archive, Allowlist/Blocklist, Web Category, Customized Rating, Yara Rules, Threat Intelligence, Global Network. See Scan Policy and Object.
VM Settings

Grant access to Scan Policy and Object > VM Settings. See VM Settings
Packages

Grant access to Scan Policy and Object > Malware Package, URL Package, TCP RST Package. See Malware Package, URL Package, and TCP RST package.
System Admin

Grant access to System > Administrator, Admin Profile, Device Group, LDAP Servers, RADIUS servers, Certificates . See Administrators and Admin Profiles.
Network

Grant access to System > Interfaces, DNS, Static Route.
Maintenance

Grant access to System > Mail Servers, FortiGuard, Login Disclaimer, SNMP, System Recovery, Settings.
Event Calendar

Grant access to System > Event Calendar, Event Calendar Settings.

See Event Calendar
Job View Settings

Grant access to System > Job View Settings. See Job View Settings.
HA Cluster

Grant access to the HA-Cluster settings. See HA-Cluster.
Logs & Reports Log Events

Grant access to Log & Report > Events > All Events, System Events, VM Events, Job Events, Notification Events. See Log Categories
Summary Report

Grant access to Log & Report > Summary Report. See Summary Reports.
Report Center

Grant access to Log & Report > Report Center. See Report Center.
Customize Report

Grant access to Log & Report > Customize Report. See Customize Report.
File Statistic/Scan

Grant access to Log & Report > File Statistics, File Scan. See File Statistics and File Scan.
Network Alerts

Grant access to Log & Report > Network Alerts. See Network Alerts.
URL Statistic/Scan

Grant access to Log & Report > URL Statistic, URL Scan. See URL Scan.
Log Servers

Grant access to Log & Report > Log Servers. See Log Servers.
Log Settings

Grant access to Log & Report > Log Settings. See Local Log
Control Access

Click to Disable or Enable all the Control Access settings.
Mark FPN

Allow the profile to override a false positive or negative.

Download Original File

Enable to download the original file from the Job Detail page. See FortiGuard.
JSON API

Grant the profile JSON API privileges.

Allow On-Demand Scan Interaction

Enable to use VM interaction during the On-Demand scan or take scan snapshots in the VM Status page.
Allow On-Demand Scan Video Recording

Allow the profile to take a video during the On-Demand scan and watch it later in the On-Demand page.
Previous
Next