Technical Tip: FortiAnalyzer and FortiManager non-super_admin users cannot back up or restore the configuration
| Description | This article describes why FortiAnalyzer and FortiManager users without the super_admin profile cannot back up or restore the configuration. |
| Scope | FortiAnalyzer and FortiManager. |
| Solution | Before software versions 6.4.15, 7.0.13, 7.2.6, and 7.4.3 for both FortiAnalyzer and FortiManager, a user with a restricted admin profile could run manual backups from the WebUI or the CLI, or even schedule automatic backups under `config system backup all-settings`. The same user with restricted admin profile permissions could also restore those backups.
Following a code review, this behavior was reclassified as a security risk: a bad actor who managed to access the FortiAnalyzer or FortiManager through a user account with a restricted admin profile could back up the configuration or restore one.
Starting with software versions 6.4.15, 7.0.13, 7.2.6, 7.4.3, and 7.6, this risk has been mitigated: only user accounts assigned the super_admin profile can run manual backups through the WebUI or CLI, configure automatic backups under `config system backup all-settings`, or restore backups. Users with any other admin profile can no longer perform these operations.
Related article: |
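The version thresholds above are branch-specific, which makes it easy to misjudge whether a given FortiAnalyzer or FortiManager build still lets non-super_admin profiles back up or restore the configuration (for example, 7.2.5 is newer than 6.4.15 yet still affected). The following Python snippet is an added example, not code from this article or from Fortinet: it encodes the per-branch fixed releases from the article, parses a version string, and reports which devices in an inventory are still on an affected release. The inventory, hostnames and build suffixes are constructed sample data, and treating branches newer than 7.6 as fixed is an assumption that the article does not state explicitly.

```python
from __future__ import annotations

# Earliest release on each maintenance branch in which backup and restore
# are limited to super_admin profiles (values taken from the article).
FIXED_BY_BRANCH: dict[tuple[int, int], tuple[int, ...]] = {
    (6, 4): (6, 4, 15),
    (7, 0): (7, 0, 13),
    (7, 2): (7, 2, 6),
    (7, 4): (7, 4, 3),
    (7, 6): (7, 6, 0),  # the article names 7.6 without a patch level: any 7.6 build qualifies
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn 'v7.4.2-build1234' or '7.4.2' into (7, 4, 2).

    A leading 'v' and a '-buildNNNN' suffix are tolerated; a two-part
    version such as '7.4' is padded to '7.4.0'.
    """
    core = text.strip().lstrip("vV").split("-")[0].split()[0]
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = [int(p) for p in parts]
    while len(numbers) < 3:
        numbers.append(0)
    return tuple(numbers)


def backup_restricted_to_super_admin(version: str) -> bool | None:
    """Return True if backup/restore is limited to super_admin on this release,
    False if a restricted admin profile can still back up or restore, and
    None if the release branch is not covered by the article."""
    v = parse_version(version)
    branch = (v[0], v[1])
    if branch in FIXED_BY_BRANCH:
        return v >= FIXED_BY_BRANCH[branch]
    if branch > (7, 6):
        return True  # assumption: branches after 7.6 inherit the 7.6 behaviour
    return None  # e.g. 6.2 or older: the article says nothing about these branches


# Constructed sample inventory (hostnames and build numbers are placeholders).
SAMPLE_INVENTORY: dict[str, str] = {
    "faz-dc1": "v7.0.12-build9999",  # one patch level short on the 7.0 branch
    "fmg-dc1": "v7.2.6-build9999",   # first fixed 7.2 release
    "faz-lab": "7.4.3",              # first fixed 7.4 release
    "fmg-old": "6.2.12",             # branch not mentioned in the article
    "faz-new": "7.6.1",              # any 7.6 build is fixed
}


def devices_needing_upgrade(inventory: dict[str, str]) -> dict[str, str]:
    """Return {hostname: version} for devices that still allow non-super_admin
    backup/restore, or whose branch the article does not cover (treated as
    needing review rather than silently passing)."""
    return {
        host: ver
        for host, ver in inventory.items()
        if backup_restricted_to_super_admin(ver) is not True
    }


if __name__ == "__main__":
    for host, ver in devices_needing_upgrade(SAMPLE_INVENTORY).items():
        status = backup_restricted_to_super_admin(ver)
        reason = "affected release" if status is False else "branch not covered"
        print(f"{host}: {ver} ({reason})")
```

Feed the function the version reported by the device (the `get system status` output on the CLI, or the dashboard in the WebUI) to decide whether restricted admin profiles on that unit can still reach the backup and restore functions; devices whose branch is not covered are flagged deliberately so that they are reviewed rather than assumed safe.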