nalexiou
Staff & Editor
Article Id 197180

Description


This article describes the behavior of Prof admin administrators when the FortiGate is managed from FortiManager.

 

Scope

 

FortiGate.

Solution


When a FortiGate is managed from FortiManager, the Prof admin VDOM administrators do not get read-write mode when accessing the GUI, even if their profile grants read-write permissions.
Only the read-only option is available.

Only Global scope administrators have read-write permissions when accessing the GUI.

This behavior is by design, to prevent accidental out-of-sync issues.
This restriction applies only to GUI access. In the CLI, the Prof admin administrators will have read-write access depending on how permissions are configured in the profile.

 

A way to override this behavior is to change the central-management mode to backup:

 

config system central-management
    set mode backup
end

 

After this change, the Prof admin administrators will have read-write access in GUI depending on how the permissions are configured.

Note:

In backup mode, all changes should be performed directly on the FortiGate, and FortiManager will be used to back up the configurations.
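Because switching to backup mode changes what existing VDOM administrators can do in the GUI, it is worth listing the affected accounts first. The following is an added example, not code from this article or from Fortinet: it reads the text of a FortiOS configuration backup and reports the central-management mode together with every account that uses the prof_admin profile. The function names (parse_config, audit) and the sample configuration are constructed for illustration.

```python
import shlex
# Constructed sample in the layout of a multi-VDOM FortiOS backup (not from the article).
SAMPLE_CONFIG = """\
config global
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "tenant-ops"
        set accprofile "prof_admin"
        set vdom "TENANT-A" "TENANT-B"
        config gui-dashboard
            edit 1
            next
        end
    next
end
config system central-management
    set mode backup
end
end
"""

WANTED = ("system admin", "system central-management")

def parse_config(text):
    """Collect 'set' lines of the WANTED sections, keyed by edit entry ('' if none)."""
    found, stack, entry = {name: {} for name in WANTED}, [], ""
    for raw in text.splitlines():
        word, _, rest = raw.strip().partition(" ")
        if word == "config":
            stack.append(rest.strip())       # nested blocks push their own name
        elif word == "end" and stack:
            stack.pop()
        elif stack and stack[-1] in WANTED:  # skip lines that belong to nested sub-blocks
            if word in ("edit", "next"):
                entry = rest.strip().strip('"') if word == "edit" else ""
            elif word == "set" and rest.strip():
                key, *values = shlex.split(rest)
                found[stack[-1]].setdefault(entry, {})[key] = values
    return found

def audit(text):
    cfg = parse_config(text)
    # Backups omit defaults; mode defaults to "normal". Backup mode + prof_admin is flagged.
    mode = cfg["system central-management"].get("", {}).get("mode", ["normal"])[0]
    accounts = {name: s.get("vdom", []) for name, s in cfg["system admin"].items()
                if s.get("accprofile") == ["prof_admin"]}
    return {"mode": mode, "prof_admin": accounts, "review": mode == "backup" and bool(accounts)}
```

Running audit() on a backup taken before and after the mode change shows which accounts and VDOMs to re-check against their profile permissions.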

Change in Behavior for Prof_Admin VDOM Administrators in FortiGate managed by FortiManager.
In v7.2.11, v7.4.8, and v7.6.1, a behavior change has been implemented. Users logging into a VDOM as Prof_Admin will now have the same access as they would if the FortiGate were not running in VDOM mode.