Description
This article provides a workaround for viewing and modifying the trusted host of other FortiGate administrators using a modified super_admin_readonly admin profile. and to create a user with the following admin profiles: admin_no_access and super_admin_readonly.
Scope
FortiGate.
Solution
It is expected behavior that a user with a super_admin_readonly admin profile cannot view the configured trusted host of other users using other admin profiles.
To view the trusted host of other FortiGate administrators use the following admin profile below:
admin_no_access.
prof_admin.
super_admin_readonly.
To create a new administrator or modify an existing user that is using the following admin profile below:
admin_no_access.
super_admin_readonly.
A super_admin_readonly admin profile needs to be modified. Refer below for a modified super_admin_readonly named 'Read_Only_Super_Admin':
Example:
- User testadmin is using the 'Read_Only_Super_Admin' admin profile. It will be able to create users with the following admin profiles:
- It will be possible to view trusted hosts of users with the following profiles:
- This modified admin profile will still not be able to view a trusted host of users using the super admin profile as seen below:
Related articles:
Technical Tip: How to create read only admin profile in FortiGate
Troubleshooting Tip: Unable to see other administrator accounts in FortiGate
Technical Tip: Interface Bandwidth Widget for read-only admin profile
