Skip to main content
funkylicious
SuperUser
funkylicious
SuperUser
December 2, 2022
Solved

FortiGate RBAC - users

  • December 2, 2022
  • 3 replies
  • 2967 views

Hello,

 

I would like to restrict access to certain users which are assigned a custom profile, access to the configuration of all Traffic Shaper / Traffic Shaping Policy / Profile options/config and was wondering if it can be achieved somehow.

The restrictions would need to be for both CLI / GUI and what I've tried is :

- put System > Configuration to Read on the profile, but that would only disable Feature Visibility from the GUI for them, but they would still work from CLI

- put Firewall > Others to Read, this would achieve want I want but would disable access to IP Pools / Protocol options.


Any help would be appreciated.

 

L.E. Running FortiOS 6.4.10

Best answer by Anthony_E

Hello,

 

I have asked one of our FortiGate experts and for him, it would not be possible.

He would need to lab it to be sure.

 

I hope this answer will help.

 

Regards,

 

 

3 replies

Anthony_E
Staff
Anthony_E
Staff
December 5, 2022

Hello,

 

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Regards,

Best Regards
Anthony_E
Staff
Anthony_EAnswer
Staff
December 9, 2022

Hello,

 

I have asked one of our FortiGate experts and for him, it would not be possible.

He would need to lab it to be sure.

 

I hope this answer will help.

 

Regards,

 

 

Best Regards
funkylicious
SuperUser
funkyliciousAuthor
SuperUser
December 9, 2022

Hi,
Just as I imagined.

It would be nice if future releases would provide more granular access / to what features/commands a user can use and what can be configured under the profiles assign to it.


Paul

"jack of all trades, master of none"
Anthony_E
Staff
Anthony_E
Staff
December 9, 2022

Hello Paul,

 

I will suggest it.

 

Regards,

Best Regards
Terms & ConditionsAccessibility statement