FortiGate
vsharma
Staff
Article Id 392929
Description

This article describes the cause and resolution for the error 'Cannot create an Admin Profile with greater permissions than your own' encountered when attempting to create an admin profile in FortiGate.

Scope

FortiGate.
Solution

In FortiGate, admin profiles define the permissions and access levels for administrative users. The FortiGate system enforces a security restriction where an admin user cannot create or assign a profile with permissions exceeding their own.

When this error is observed, it indicates that the admin user attempting to create the profile does not have sufficient permissions to grant the desired privileges.

For example, if an admin user (admin1) lacks the privilege to run diagnostic commands, admin1 cannot create a new admin profile that includes diagnostic command permissions.

error-admin-profile.PNG

The admin1 user is assigned the prof_admin profile, which does not have permissions to run diagnostic commands.

prof-admin.PNG

To verify the current admin’s profile, use the following command on FortiGate:

get system admin status

Resolution:

Log in to the FortiGate system as a super-admin or an admin with sufficient permissions to create profiles.
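
The restriction described above can be checked before a profile is submitted. The following is an added example, not Fortinet code: it parses two constructed 'config system accprofile' entries and lists the fields where the proposed profile would grant more than the creating admin holds. The profile names, the sample values and the privilege ordering in RANK are assumptions made for illustration, and FortiOS may evaluate more fields than this model does.

```python
import re

# Assumed ordering for this example: a higher rank means more privilege.
RANK = {"none": 0, "disable": 0, "read": 1, "read-write": 2, "enable": 2}

def parse_accprofile(text):
    """Collect 'set <field> <value>' lines of one accprofile entry into a dict.
    Values outside RANK (for example 'custom' or quoted comments) are skipped."""
    perms = {}
    for line in text.splitlines():
        m = re.match(r"\s*set\s+(\S+)\s+(\S+)\s*$", line)
        if m and m.group(2) in RANK:
            perms[m.group(1)] = m.group(2)
    return perms

def exceeding_fields(creator, proposed):
    """Return (field, held, requested) for every field where the proposed
    profile asks for more than the creator holds. A field missing from the
    creator is treated as no access, so feed it 'show full-configuration'
    output where defaults are listed explicitly."""
    over = []
    for field, value in sorted(proposed.items()):
        held = creator.get(field, "none")
        if RANK[value] > RANK[held]:
            over.append((field, held, value))
    return over

# Constructed sample: profile held by the admin who is creating the new profile.
CREATOR = """
config system accprofile
    edit "example_creator"
        set sysgrp read-write
        set fwgrp read-write
        set loggrp read
        set system-diagnostics disable
    next
end
"""
# Constructed sample: profile that the admin is trying to create.
PROPOSED = """
    edit "example_new"
        set sysgrp read
        set fwgrp read-write
        set loggrp read-write
        set system-diagnostics enable
"""

if __name__ == "__main__":
    for field, held, wanted in exceeding_fields(
            parse_accprofile(CREATOR), parse_accprofile(PROPOSED)):
        print(f"{field}: creator has '{held}', new profile requests '{wanted}'")
```

Any field reported here is one that a super-admin, or an admin whose own profile already covers it, has to grant.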