Read-Only Admin Profile
(2022-02-15)
Notes:
Source)
Problem
I want a (or a bunch of) read-only admin(s) with global scope.Solution
# config global
# config system accprofile
edit "admin_readonly"
set admingrp read
set authgrp read
set endpoint-control-grp read
set fwgrp read
set loggrp read
set mntgrp read
set netgrp read
set routegrp read
set sysgrp read
set updategrp read
set utmgrp read
set vpngrp read
set wanoptgrp read
set wifi read
set scope global
next
end- these instructions are for 6.2 or higher, some of these "set" commands don't work in 6.0.
- for scope restrictions, set scope is your friend.
Source)
no comments |
post comment
Virtual Dave Megaplex:
- Home Page
- This wiki's start page
- Send Feedback To Dave
Logged in Users: (0)
Recently Changed
Check Internet Service Database Match- Device-Local Certificate Expired
- CLI Policy Lookup
- DH Selection For IPsec VPNs
- Scan For Newly Added Disk
- nmap
- Seconds Since Epoch to Local Time
- Link Monitor
- DH group to OAKLEY_GROUP table
- Fire Eater
- start
- FortiClient Error Codes
- dhparams Generation
- SSL Certificate Bundles
- ufw
- Grow A LVM Partition
- Creating Users
- whoami
- list databases
- 2023
- 2022
- 2019
- 2018
- 2017
- 2011
- 2010
- 2008
- 2001
- 2000
- 1999
Editing: snipsnap-help, Image Macro(Et auditum est, et idcirco ego nunc simulare)
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.