System Admin Admin profiles
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 281
http://docs.fortinet.com/
Read-only access enables the administrator to view the web-based manager page. The
administrator needs write access to change the settings on the page.
You can expand the firewall configuration access control to enable more granular control
of access to the firewall functionality. You can control administrator access to policy,
address, service, schedule, profile, and other virtual IP (VIP) configurations.
The admin profile has a similar effect on administrator access to CLI commands. The
following table shows which command types are available in each Access Control
category. You can access “get” and “show” commands with Read Only access. Access to
“config” commands requires Read-Write access.
Table 40: Admin profile control of access to Web-based manager pages

Access control                  Affected web-based manager pages
------------------------------  ---------------------------------------
Admin Users                     System > Admin
                                System > Admin > Central Management
                                System > Admin > Settings
Antivirus Configuration         UTM > AntiVirus
Auth Users                      User
Firewall Configuration          Firewall
FortiGuard Update               System > Maintenance > FortiGuard
IM, P2P & VoIP Configuration    IM, P2P & VoIP > Statistics
                                IM, P2P & VoIP > User > Current Users
                                IM, P2P & VoIP > User > User List
                                IM, P2P & VoIP > User > Config
IPS Configuration               UTM > Intrusion Protection
Log&Report                      Log&Report
Maintenance                     System > Maintenance
Network Configuration           System > Network > Interface
                                System > Network > Zone
                                System > DHCP
Router Configuration            Router
Spamfilter Configuration        UTM > AntiSpam
System Configuration            System > Status, including Session info
                                System > Config
                                System > Hostname
                                System > Network > Options
                                System > Admin > Central Management
                                System > Admin > Settings
                                System > Status > System Time
VPN Configuration               VPN
Webfilter Configuration         UTM > Web Filter

Note: When Virtual Domain Configuration is enabled (see “Settings” on page 286), only the
administrators with the admin profile super_admin have access to global settings. Other
administrator accounts are assigned to one VDOM and cannot access global configuration
options or the configuration for any other VDOM.
For information about which settings are global, see “VDOM configuration settings” on
page 160.
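
The following is an added example, not part of the Fortinet guide: a short audit that reads the admin profile section of a configuration backup and reports which profiles hold Read-Write access to selected Table 40 categories. The `set` field names (`admingrp`, `sysgrp`, `mntgrp`, `netgrp`, `fwgrp`, `loggrp`), the choice of sensitive categories, and the sample text are assumptions of this example.

```python
import re

# Assumed FortiOS 4.0 accprofile field names mapped to Table 40 categories;
# confirm the field names against your own firmware before relying on them.
GROUPS = {"admingrp": "Admin Users", "sysgrp": "System Configuration",
          "mntgrp": "Maintenance", "netgrp": "Network Configuration",
          "fwgrp": "Firewall Configuration", "loggrp": "Log&Report"}
# Categories this example treats as sensitive (an assumption, adjust to policy).
SENSITIVE = {"Admin Users", "System Configuration", "Maintenance"}

# Constructed sample backup excerpt, not taken from a real device.
SAMPLE = """
config system accprofile
    edit "noc_readonly"
        set admingrp read
        set sysgrp read
        set fwgrp read
    next
    edit "fw_operator"
        set fwgrp read-write
        set loggrp read
        set mntgrp read-write
    next
end
"""

def parse_profiles(text):
    """Return {profile: {category: level}} for each accprofile entry."""
    profiles, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if depth == 0:
            depth = int(line == "config system accprofile")
        elif line.startswith("config "):
            depth += 1  # nested sub-table inside a profile; skipped
        elif line == "end":
            depth -= 1
        elif depth == 1 and (m := re.match(r'edit "?([^"]+)"?$', line)):
            current = profiles.setdefault(m.group(1), {})
        elif depth == 1 and current is not None:
            m = re.match(r"set (\w+) (\S+)$", line)
            if m and m.group(1) in GROUPS:
                current[GROUPS[m.group(1)]] = m.group(2)
    return profiles

def sensitive_write(profiles):
    """List (profile, category) pairs with read-write on SENSITIVE pages."""
    return sorted((p, c) for p, acl in profiles.items() for c, lvl in acl.items()
                  if lvl == "read-write" and c in SENSITIVE)
```

Running `sensitive_write(parse_profiles(SAMPLE))` on the constructed sample flags only the `fw_operator` profile, for its Read-Write access to Maintenance.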