|Description||This article describes how to avoid issues where admin users have read-write access even though only read-only access was configured.|
In some scenarios, admin users with remote-auth enabled and read-only access configured can have both read and write access. This occurs when the wildcard option is enabled on both admin profiles.
To learn how to configure remote-auth, refer to page 52 and 77 of the following document: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/d887c3dd-ee67-11ec-bb32-fa163e....
To use remote-auth, admin users login on FortiSwitch. Currently, only a single administrator with wildcards is supported at a time. If the wildcard is enabled on two or more system admins, such as where one system has a super_admin profile and another has a prof_viewer profile, the identity is verified as 'super_admin system admin', which causes the read-only user to have read and write access after logging in.
To ensure admins have the correct access, it is recommended to enable the wildcard option only on one super admin profile.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.