Admin Profiles
Administrator profiles are used to control administrator access privileges to system features. Profiles are assigned to administrator accounts when an administrator is created.
Pre-defined profile types
There are three predefined administrator profiles, which cannot be modified or deleted:
- Super Admin: All functionalities are accessible.
- Read Only: Can view certain pages. This profile cannot change any system settings.
- Device: Can view certain pages for assigned devices. This profile cannot change any system settings.
-
Netshare: Can view certain pages for assigned network share, and supports Prioritize Netshare Scan. This profile cannot change any system settings.
All previous created users in earlier builds are mapped to these three default profiles.
Only the Super Admin user can create, edit, and delete administrator profiles and new users if the user is assigned Read Write privilege in System > Admin.
|
Full Access |
User can view and make changes to the system. |
|
Read Only |
User can only view information. |
|
None |
User cannot view or make changes to the system. |
Data access
There are two User Types:
| User type | Description |
|---|---|
| Full Access | This user type can access all of the data from different submission types. |
| Limited Access | This user type only can access the data from a Device and/or Netshare group. For more information, see Device Groups and Netshare Groups. |
User settings
|
Menu Access |
Description |
|
|---|---|---|
| Dashboard | Status |
Grant access to Dashboard > Status. |
| Scan Performance |
Grant access to Dashboard > Scan Performance. See Scan Performance (dashboard). |
|
| Operation Center |
Grant access to Dashboard > Operation Center. See Operation Center |
|
| Threats Analysis |
Grant access to Dashboard > Threats by Topology, Threats by Hosts, Threats by Files, Threats by Device. |
|
|
Security Fabric |
Device and FortiClient |
Grant access to Security Fabric > Device, FortiClient. See Device . |
|
|
Adapter |
Grant access to Security Fabric > Adapter. See Adapter. |
|
|
Network Share |
Grant access to Security Fabric > Network Share. See Network Share. |
|
|
Quarantine |
Grant access to Security Fabric > Quarantine. See Quarantine. |
|
|
Sniffer |
Grant access to Security Fabric > Sniffer. See Sniffer. |
|
|
FortiNDR |
Grant access to Security Fabric > FortiNDR. See FortiNDR. |
| Scan Job | Job Queue |
Grant access to Scan Job > Job Queue. See Job Queue. |
|
|
VM Jobs |
Grant access toScan Job > VM Jobs. See VM Jobs. |
|
|
Scan Searches |
Grant access toScan Job > File Job Search, URL Job Search. See File Job Search and URL Job Search. |
|
|
Overridden Verdicts |
Grant access toScan Job > Overridden Verdicts. See Overridden Verdicts. |
|
|
On Demand |
Grant access toScan Job > File On-Demand, URL On-Demand. See File On-Demand andURL On-Demand. |
| Mark FPN | Allow the profile to override a false positive or negative. | |
| Download Original File | Enable to download the original file from the Job Detail page. See FortiGuard. | |
| Allow On-Demand Scan Interaction | Enable to use VM interaction during the On-Demand scan or take scan snapshots in the VM Status page. | |
| Allow On-Demand Scan Video Recording | Allow the profile to take a video during the On-Demand scan and watch it later in the On-Demand page. | |
| Scan Policy and Object | Scan Configurations |
Grant access to Scan Policy and Object > Scan Profile, Job Priority, Job Archive, Allowlist/Blocklist, Web Category, Customized Rating, Yara Rules, Threat Intelligence, Global Network. See Scan Policy and Object. |
| VM Settings |
Grant access to Scan Policy and Object > VM Settings. See, VM Settings |
|
| Packages |
Grant access to Scan Policy and Object > Malware Package, URL Package, TCP RST Package. See Malware Package, URL Package, and TCP RST package. |
|
| System | Admin |
Grant access to System > Administrator, Admin Profile, Device Group, LDAP Servers, RADIUS servers, Certificates . See Administrators and Admin Profiles. |
| Network |
Grant access to System > Interfaces, DNS, Static Route. |
|
| Maintenance |
Grant access to System > Mail Servers, FortiGuard, Login Disclaimer, SNMP, System Recovery, Settings. |
|
| Event Calendar |
Grant access to System > Event Calendar, Event Calendar Settings. See Event Calendar |
|
| Job View Settings |
Grant access to System > Job View Settings. See Job View Settings. |
|
|
|
Prioritize Netshare Scan |
Grant access to Prioritize Netshare Scan. |
|
|
GUI Console |
Grant access to System > Console. |
| HA Cluster |
|
Grant access to the HA-Cluster settings. See HA-Cluster. |
| Logs & Reports | Log Events |
Grant access to Log & Report > Events > All Events, System Events, VM Events, Job Events, Notification Events. See Log Categories |
| Summary Report |
Grant access to Log & Report > Summary Report. See Summary Reports. |
|
| Report Center |
Grant access to Log & Report > Report Center. See Report Center. |
|
| Customize Report |
Grant access to Log & Report > Customize Report. See Customize Report. |
|
| File Statistic/Scan |
Grant access to Log & Report > File Statistics, File Scan. See File Statistics and File Scan. |
|
| Network Alerts |
Grant access to Log & Report > Network Alerts. See Network Alerts. |
|
| URL Statistic/Scan |
Grant access to Log & Report > URL Statistic, URL Scan. See URL Scan. |
|
| Log Servers |
Grant access to Log & Report > Log Servers. See Log Servers. |
|
| Settings |
Grant access to Log & Report > Settings. See Settings. |
|
| API/CLI Access | Click Disallowed or Allowed to disable or enable the setting. | |
| JSON API | Grant the profile JSON API privileges. | |
|
|
CLI Commands |
Grant privilege for the user to log in via SSH/Telnet. |