| Description | This article describes how to restrict admin users to take only configuration backups on FortiGate. |
| Scope | FortiGate v7.2.9, v7.4.4 onwards |
| Solution |
Requirement: Restrict admin users to take configuration backup on FortiGate and not have any access privileges to modify or change the configuration.
Create a custom Admin Profile under System -> Admin Profiles and select 'Create new'.
Specify the Admin profile name example above 'BackupAdmin'. Next Permissions needs to be enabled to provide only access to take backup configuration which is as below:
In the Access Permissions settings, assign 'Read' permissions to all Access Controls except for the 'System' Access Control, which should be configured with 'Custom' permissions. Grant 'Read/Write' permissions exclusively to the 'Administrator Users' Access Control, while ensuring that all other Access Controls are assigned 'Read' permissions.
Create a new Admin User example named 'Backup' and select the Admin profile which was created above as 'BackupAdmin':
Once the admin user is created, log in to FortiGate using the 'backup' user and verify if a backup can be taken:
|
