Hot!Read only account to get device configuration

Author
nbgiridar
New Member
  • Total Posts : 7
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/10/30 09:26:16
  • Status: offline
2020/11/30 23:33:18 (permalink)
0

Read only account to get device configuration

Hi All,
 
is it possible to create a read only account that can run below command 
 
config global config system console set out standard end show null 
#1

5 Replies Related Threads

    Alexis_Esp
    New Member
    • Total Posts : 10
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/12/01 03:46:51
    • Status: offline
    Re: Read only account to get device configuration 2020/12/01 04:29:18 (permalink)
    0
    Hello,
     
    I'm not sure I understand the question well, but I don't think you can filter permissions that much. Take a look at the access profiles:
    https://docs.fortinet.com/document/fortigate/6.2.2/cli-reference/2620/system-accprofile
     
    and administration profiles:
    https://docs.fortinet.com/document/fortigate/latest/administration-guide/294491/administrator-profiles
     
    You can filter much of the information to the administrator of your choice, but not as much.
     
    #2
    nbgiridar
    New Member
    • Total Posts : 7
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/10/30 09:26:16
    • Status: offline
    Re: Read only account to get device configuration 2020/12/01 05:28:00 (permalink)
    0
    Thank you Alexis, 
     
    i need an account that can run the above command but with out any permission to change any settings
    #3
    Alexis_Esp
    New Member
    • Total Posts : 10
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/12/01 03:46:51
    • Status: offline
    Re: Read only account to get device configuration 2020/12/01 06:16:04 (permalink)
    0
    Hi,
     
    if you only need the user to be unable to modify, a read only user is sufficient. If, in addition, you only want me to see certain parts of the configuration, you will need test with the profiles.
     
    Br
    #4
    Yurisk
    Gold Member
    • Total Posts : 157
    • Scores: 32
    • Reward points: 0
    • Joined: 2011/12/04 03:30:01
    • Status: online
    Re: Read only account to get device configuration 2020/12/01 08:27:20 (permalink)
    0
    Not exactly a read-only administrator user, but rather a user that can run only selected set of CLI commands - no, built-in means of Fortigate do not provide such option. 
    #5
    nbgiridar
    New Member
    • Total Posts : 7
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/10/30 09:26:16
    • Status: offline
    Re: Read only account to get device configuration 2020/12/02 20:51:05 (permalink)
    0
    thank you all
    #6
    Jump to:
    © 2021 APG vNext Commercial Version 5.5