Ade_23 (Staff)
Article Id 377109
Description: This article is a guide to granting read-only access to the Security (UTM) profiles on the firewall, and nothing else.
Scope: All FortiOS versions.
Solution

In some environments, it may be necessary to give read-only access to the Security profiles (UTM) configured on the FortiGate and nothing else. This allows a SOC team to review changes to security profile configurations without the ability to change anything.

The steps to achieve this are outlined below:

  1. Log in to the firewall using an administrator account with the super_admin profile.
  2. Create an admin profile with no permissions except read permission for Security Profiles.

[Screenshot: utm read only.PNG]

Using the CLI:

config system accprofile
    edit "utm_read_only"
        set utmgrp read
    next
end

All other permission groups in a new access profile default to none, so only the Security Profiles group needs to be set.

  3. Next, create an admin account with a username and a preferred password, and assign the profile created previously to it.

[Screenshot: utm admin.PNG]

Using the CLI:

config system admin
    edit "utmAdmin"
        set accprofile "utm_read_only"
        set password <password>
    next
end

Replace <password> with the chosen password for the account; it is not shown in this article.

  4. Finally, log in with the new admin account and password to confirm that the only access permissions available are for UTM.

[Screenshots: utm login.PNG, utmadmin login.PNG, UTM only Menu.PNG, webfilter read only.PNG]
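Beyond checking the GUI menu, a practitioner will usually want a repeatable check that no admin account has quietly been given more than UTM read access. The following script is an added example, not Fortinet's code: it parses the text form of the two tables configured above (as printed by the FortiOS commands "show system accprofile" and "show system admin") and reports every administrator whose profile grants anything other than "utmgrp read". The configuration embedded in it is constructed for the example; the profile and account names "utm_read_write", "helpdesk" and the attribute sets are assumptions, while "utm_read_only", "utmAdmin" and "super_admin" come from the article.

```python
# Added example, not Fortinet's own code: audit FortiOS access profiles for
# least privilege. It parses the text form of "config system accprofile" and
# "config system admin" and reports every administrator whose profile grants
# anything more than read access to Security (UTM) profiles.
from typing import Dict, List

# Constructed sample configuration: one compliant profile and admin, one
# (hypothetical) profile that also grants write access plus firewall read,
# and the built-in super_admin profile assigned to the default "admin" account.
SAMPLE_CONFIG = """\
config system accprofile
    edit "utm_read_only"
        set utmgrp read
    next
    edit "utm_read_write"
        set comments "helpdesk staff"
        set utmgrp read-write
        set fwgrp read
    next
end
config system admin
    edit "utmAdmin"
        set accprofile "utm_read_only"
        set vdom "root"
    next
    edit "helpdesk"
        set accprofile "utm_read_write"
    next
    edit "admin"
        set accprofile "super_admin"
    next
end
"""

# The only permission a UTM read-only profile should carry.
ALLOWED_GRANTS = {"utmgrp": "read"}
# accprofile attributes that are not permissions and must not be flagged.
NON_PERMISSION_KEYS = {"comments"}
# Built-in profiles that grant full access without listing group permissions.
FULL_ACCESS_PROFILES = {"super_admin"}


def parse_fortios(text: str) -> Dict[str, Dict[str, Dict[str, str]]]:
    """Parse top-level FortiOS config tables into {table: {entry: {key: value}}}.

    Only depth-1 "edit"/"set" lines are recorded; nested "config ... end"
    blocks inside an entry are skipped so their "end" does not close the table.
    """
    tables: Dict[str, Dict[str, Dict[str, str]]] = {}
    depth = 0
    table = entry = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                table = line[len("config "):]
                tables.setdefault(table, {})
        elif line == "end":
            depth -= 1
            if depth == 0:
                table = entry = None
        elif depth == 1 and line.startswith("edit "):
            entry = line[len("edit "):].strip().strip('"')
            tables[table][entry] = {}
        elif depth == 1 and line == "next":
            entry = None
        elif depth == 1 and entry is not None and line.startswith("set "):
            key, _, value = line[len("set "):].partition(" ")
            tables[table][entry][key] = value.strip().strip('"')
    return tables


def audit_admins(text: str) -> Dict[str, List[str]]:
    """Return {admin_name: [findings]}; an empty list means UTM read-only only."""
    cfg = parse_fortios(text)
    profiles = cfg.get("system accprofile", {})
    findings: Dict[str, List[str]] = {}
    for admin, attrs in cfg.get("system admin", {}).items():
        prof = attrs.get("accprofile")
        if prof in FULL_ACCESS_PROFILES:
            findings[admin] = [f"profile {prof} grants full access"]
            continue
        if prof not in profiles:
            findings[admin] = [f"profile {prof!r} not found in configuration"]
            continue
        # Anything other than the single allowed grant is excess privilege.
        findings[admin] = [
            f"{key}={value}"
            for key, value in profiles[prof].items()
            if key not in NON_PERMISSION_KEYS and ALLOWED_GRANTS.get(key) != value
        ]
    return findings


if __name__ == "__main__":
    for name, issues in audit_admins(SAMPLE_CONFIG).items():
        print(f"{name}: {'OK (UTM read-only)' if not issues else '; '.join(issues)}")
```

To run it against a real device, capture the output of "show system accprofile" and "show system admin" from the CLI, concatenate them into one text file and pass its contents to audit_admins() in place of SAMPLE_CONFIG. The default "admin" account is reported as expected, since super_admin is the account used to perform the steps above; the check is meant to catch any additional account that drifts beyond the intended UTM read-only scope.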