Technical Tip: Error when creating VIP from a Custom admin having read/write access admin profile
| Description | This article describes why objects under the Global scope cannot be created by a custom admin having a custom profile with read/write access. |
| Scope | FortiWeb v7.6. |
| Solution | Custom Admin users who are using profiles other than prof_admin, even though that profile has read/write access, are not able to make changes to the object that belongs to the global scope.
Error can be seen as below:
If the Custom Admin uses the prof_admin profile, the user will be able to create the global scope objects, such as a Virtual IP.
This is by design in v7.6.x. This modification is made to better align with the design logic of ADOM. For features that belong to the global scope, they can only be modified by the prof-admin. |
