Fortinet FortiGate Series Administration Manual page 268

Administrators
268
Figure 118: New Administrator dialog box displaying super_admin readonly option
Users assigned to the super_admin profile:
• cannot delete logged-in users who are also assigned the super_admin profile
• can delete other users assigned the super_admin profile and/or change the configured
authentication method, password, or admin profile, only if the other users are not
logged in
• can delete the default "admin" account only if the default admin user is not logged in.
By default, admin has no password. The password should be 32 characters or less.
Note: The password of users with the super_admin admin profile can be reset in the CLI. If
the password of a user who is logged in is changed, the user will be logged out and
prompted to re-authenticate with the new password.
Example: For a user ITAdmin with the admin profile super_admin, to set the password to
123456:
config sys admin
edit ITAdmin
set password 123456
end
Example: For a user ITAdmin with the admin profile super_admin, to reset the password
from 123456 to the default 'empty':
config sys admin
edit ITAdmin
unset password 123456
end
There is also an admin profile that allows read-only super admin privileges,
super_admin_readonly. This profile cannot be deleted or changed, similar to the
super_admin. The read-only super_admin profile is suitable in a situation where it is
necessary for a system administrator to troubleshoot a customer configuration without
being able to make changes. Other than being read-only, the super_admin_readonly
profile can view all the FortiGate configuration tools.
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/
System Admin
• Feedback