Access profiles control which CLI commands an administrator account can access. Access profiles assign either read, write, or no access to each area of FortiOS. To view configurations, you must have read access. To make changes, you must have write access. So, depending on the account used to log in to the FortiGate, you may not have complete access to all CLI commands. For complete access to all commands, you must log in with an administrator account that has the
super_admin access profile. By default the admin administrator account has the
super_admin access profile.
Administrator accounts, with the
super_admin access profile are similar to a root administrator account that always has full permission to view and change all FortiGate configuration options, including viewing and changing all other administrator accounts and including changing other administrator account passwords.
Set strong passwords for all administrator accounts (including the
admin account) and change passwords regularly.
For more information about increasing the security of administrator accounts, see System administrator best practices.