Help
FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
jngouo_FTNT
Staff
Staff

Created on ‎04-13-2016 02:51 PM

Article Id 194011

Technical Note: How to allow Standard_Users in FortiManager to change their password

Description
This document explains how to allow  administrators with Standard_User or Restricted_User profiles to change their password in FortiManager.

Solution
In FortiManager 5.4,  Standard and Restricted users  do not have  System Privileges enabled,  This implies  that they do do not have the privilege to change their own password.  The administrator with the  Read-Write privilege  on the System Setting  can change the setting on any admin profile to allow password change by administrators to which the profile is applied. The change has to be done at the cli level.

-To confirm that the password change is disable under the admin profile run this command:
#get system admin profile Restricted_User ----------the The Restricted_User profile can be replaced by any other profile name.

FMG-VM # get system  admin profile Restricted_User
profileid           : Restricted_User
description         : Restricted user profiles have no System Privileges enabled, and have read-only access for all Device Privileges.
type                : system
scope               : global
system-setting      : none
adom-switch         : none
global-policy-packages: none
assignment          : none
read-passwd         : none
device-manager      : read
device-config       : read
device-op           : none
device-wan-link-load-balance: read
device-ap           : read
device-forticlient  : read
device-profile      : read
policy-objects      : read
deploy-management   : read
config-retrieve     : read
term-access         : read
adom-policy-packages: read
vpn-manager         : read
realtime-monitor    : read
consistency-check   : read
fgd_center          : none
log-viewer          : read
report-viewer       : read
event-management    : read
change-password     : disable ------------------The option to change password is disabled by default.

After the above changes, any administrators with the modified admin profile can now see the change password icon in the navigation pane after login to the Fortimanager.

config system  admin profile
   edit Restricted_User
   set change-password en
end



981
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.