Read-Only Admin Profile
(2022-02-15)
Problem
I want a (or a bunch of) read-only admin(s) with global scope.
Solution
# config global
# config system accprofile
edit "admin_readonly"
set admingrp read
set authgrp read
set endpoint-control-grp read
set fwgrp read
set loggrp read
set mntgrp read
set netgrp read
set routegrp read
set sysgrp read
set updategrp read
set utmgrp read
set vpngrp read
set wanoptgrp read
set wifi read
set scope global
next
end
Notes:
- These instructions are for 6.2 or higher; some of these "set" commands don't work in 6.0.
- For scope restrictions, "set scope" is your friend.
(Source)
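A check for the profile above, as an added example that is not part of the original page: it parses the accprofile tables out of a saved configuration and reports any permission group that is not "read" and any scope that is not "global". The function names, the "helpdesk_ro" profile and the sample configuration are constructed for illustration.

```python
# Permission groups copied from the profile on this page.
PAGE_GROUPS = ["admingrp", "authgrp", "endpoint-control-grp", "fwgrp", "loggrp",
               "mntgrp", "netgrp", "routegrp", "sysgrp", "updategrp", "utmgrp",
               "vpngrp", "wanoptgrp", "wifi"]

def parse_accprofiles(config_text):
    """Return {profile: {setting: value}} from 'config system accprofile' tables."""
    profiles, current, in_table, depth = {}, None, False, 0
    for raw in config_text.splitlines():
        line = raw.strip().lstrip("#").strip()      # tolerate a pasted "# " prompt
        word, _, rest = line.partition(" ")
        if not in_table:
            in_table = line == "config system accprofile"
        elif word == "config":                      # sub-table nested inside a profile
            depth += 1
        elif word == "end":                         # closes a sub-table or the table itself
            in_table, depth = depth > 0, max(depth - 1, 0)
        elif depth == 0 and word == "edit":
            current = profiles.setdefault(rest.strip().strip('"'), {})
        elif depth == 0 and word == "next":
            current = None
        elif depth == 0 and word == "set" and current is not None:
            key, _, value = rest.strip().partition(" ")
            current[key] = value.strip().strip('"')
    return profiles

def audit_readonly(settings, groups=PAGE_GROUPS):
    """List every deviation from 'all groups read, scope global'; empty means clean."""
    findings = []
    # Check the page's groups plus any other *grp setting present in the profile.
    for group in sorted(set(groups) | {k for k in settings if k.endswith("grp")}):
        value = settings.get(group, "<not set>")
        if value != "read":
            findings.append(f"{group}={value}")
    if settings.get("scope") != "global":
        findings.append(f"scope={settings.get('scope', '<not set>')}")
    return findings

# Constructed sample: the page's profile plus a hypothetical "helpdesk_ro" that drifted.
_RO = "".join(f"        set {g} read\n" for g in PAGE_GROUPS)
SAMPLE = ("config global\nconfig system accprofile\n"
          '    edit "admin_readonly"\n' + _RO + "        set scope global\n    next\n"
          '    edit "helpdesk_ro"\n' + _RO.replace("fwgrp read", "fwgrp custom") +
          "        config fwgrp-permission\n            set policy read-write\n        end\n"
          "        set scope vdom\n    next\nend\n")

if __name__ == "__main__":
    for name, settings in parse_accprofiles(SAMPLE).items():
        print(name, audit_readonly(settings) or "OK")
```

Plain "show" output omits settings left at their defaults, so those groups are reported as "<not set>"; run the check against "show full-configuration" output to see their actual values.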