Description |
This article describes that normal API admin could not show super admin user and needs to change profile via CLI:
curl -k -X 'GET' 'https://<FGT-IP>:443/api/v2/cmdb/system/admin?access_token=<API key>' -H 'accept: application/json' -H 'Content-Type: application/json'
{ "http_method":"GET", "size":1, "matched_count":0, "next_idx":0, "revision":"472de3e5186943a752314a08a7d19718", "results":[ ], "vdom":"root", "path":"system", "name":"admin", "status":"success", "http_status":200, "serial":"<FGT SN>", "version":"v7.2.6", "build":1575
} |
Scope | FortiGate, API, admin profile. |
Solution |
Change API Admin accprofile from 'api-rw' to 'super_admin' via CLI (GUI not working):
FGT # show sys api-user config system api-user edit "api-adm" set api-key ENC SH2K0D2YFgGzBPdYdX6Oappo0Jop4WAwbXCegvi0PL3jBPEh36shFGzRDDf4Og= set accprofile "api-rw" set vdom "root" next end FGT # c sys api-user FGT (api-user) # edit api-adm FGT (api-adm) # set accprofile super_admin FGT (api-adm) # next FGT (api-user) # end FGT #
After that, api-adm can query the admin user:
As api-adm has a super_admin access profile, it will work as super admin. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.