Fortinet 216 FortiWeb 5.0 Patch 6 Administration Guide
5. Click OK.
See also
•Configuring access profiles
•Grouping remote authentication queries for administrators
•Configuring the network interfaces
•Trusted hosts
•Permissions
Configuring access profilesAccess profiles determine administrator accounts’ permissions.
When an administrator has only read access to a feature, the administrator can access the web
UI page for that feature, and can use the get and show CLI command for that feature, but
cannot make changes to the configuration. There are no Create or Apply buttons, or config
CLI commands. Lists display only the View icon instead of icons for Edit, Delete or other
modification commands. Write access is required for modification of any kind.
Access Profile Select an existing access profile that indicates the permissions for this
administrator account. For more information on permissions, see
“Permissions” on page 47.
You can select prof_admin, a special access profile used by the admin
administrator account. However, selecting this access profile will not
confer all permissions of the admin administrator. For example, the
new administrator would not be able to reset lost administrator
passwords.
This option does not appear for the admin administrator account,
which by definition always uses the prof_admin access profile.
Tip: Alternatively, if your administrator accounts authenticate via a
RADIUS query, you can override this setting and assign their access
profile through the RADIUS server using RFC 2548 Microsoft
Vendor-specific RADIUS Attributes.
On the RADIUS server, create an attribute named:
ATTRIBUTE FortiWeb-Access-Profile 7
then set its value to be the name of the access profile that you want to
assign to this account. Finally, in the CLI, enter the command to enable
the override:
config system admin
edit "admin1”
set accprofile-override enable
end
If none is assigned on the RADIUS server, or if it does not match the
name of an existing access profile on FortiWeb, FortiWeb will fail back
to use the one locally assigned by this setting.
Setting name Description