Specific device permission access within a different adom

Question

Hi,Is it possible to grant specific access to a device to and Administrator ?Here's the situation I would like to be table to grand an admin full access to ADOMB. However in the function he require to do, he need to have access to a device within ADOMA. I don't want to grant that admin full access to the device in ADOMA, he should be able to only manage VPNs on device within ADOMA, but should have full access to devices on ADOMB. Is this something possible?

subramanis · Answer

Hello paulinster,

Yes, It's possible using custom admin profile or prof_admin.

Example:

user1--ADOMB ---> use super_admin profile full access

user2--ADOMA ---> use custom admin profile and provide read/write access to only VPN

Please check the below documents.

https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/938921/creating-per-vdom-administrators

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Prof-Admin-admin-profile-will-not-be-able-to-back/ta-p/196878

Thanks

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded