Permissions

Table 2: Areas of control in access profiles
Access profile setting	Grants access to*
Firewall	Firewall > ...	Web UI
firewall	config firewall	CLI
Log & Report	Log & Report >...	Web UI
log	config log ... config report ... execute formatlogdisk	CLI
Router	Router > ...	Web UI
router	config router ... execute telnettest ...	CLI
System	System > ...	Web UI
system	config system ... diagnose hardware ... diagnose network sniffer ... diagnose system ... except flash ... execute date ... execute ha ... execute ping ... execute ping-options ... execute traceroute ... execute time ...	CLI
Traffic Load Balance	Server Load Balance > ... Global Load Balance > ... Link Load Balance > ...	Web UI
load-balance	config link-load-balance ... config load-balance ... config global-dns-load-balance ... diagnose policy ...	CLI
* For each config command, there is an equivalent get/show command, unless otherwise noted. config access requires write permission. get/show access requires read permission.

Unlike other administrator accounts, the administrator account named admin exists by default and cannot be deleted. The admin administrator account is similar to a root administrator account. This administrator account always has full permission to view and change all FortiADC configuration options, including viewing and changing all other administrator accounts. Its name and permissions cannot be changed. It is the only administrator account that can reset another administrator’s password without being required to enter that administrator’s existing password.


	Set a strong password for the admin administrator account, and change the password regularly. By default, this administrator account has no password. Failure to maintain the password of the admin administrator account could compromise the security of your FortiADC appliance.