Help
FortiWeb
A FortiWeb can be configured to join a Security Fabric through the root or downstream FortiGate.
gsharma
Staff
Staff

Created on ‎05-13-2025 01:07 AM Edited on ‎06-27-2025 02:19 AM By Moderator

Article Id 391591

Technical Tip: Error when creating VIP from a Custom admin having read/write access admin profile

Description

This article describes why objects under the Global scope cannot be created by a custom admin having a custom profile with read/write access.
Scope FortiWeb v7.6.
Solution

Custom Admin users who are using profiles other than prof_admin, even though that profile has read/write access, are not able to make changes to the object that belongs to the global scope.

 

Error can be seen as below:

 

snip.jpg

 snip2.jpg

 

snip3.jpg

 

If the Custom Admin uses the prof_admin profile, the user will be able to create the global scope objects, such as a Virtual IP.

 

This is by design in v7.6.x. This modification is made to better align with the design logic of ADOM. For features that belong to the global scope, they can only be modified by the prof-admin.

 

102
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.