Chapter 10 Install and System Administration for FortiOS 5.0 : Using the CLI : Permissions
  
Permissions
Depending on the account that you use to log in to the FortiGate unit, you may not have complete access to all CLI commands. Access profiles control which CLI commands an administrator account can access. Access profiles assign either read, write, or no access to each area of the FortiGate software. To view configurations, you must have read access. To make changes, you must have write access.
Unlike other administrator accounts, the administrator account named admin exists by default and cannot be deleted. The admin administrator account is similar to a root administrator account. This administrator account always has full permission to view and change all FortiGate configuration options, including viewing and changing all other administrator accounts. Its name and permissions cannot be changed. It is the only administrator account that can reset another administrator’s password without being required to enter that administrator’s existing password.
 
Set a strong password for the admin administrator account, and change the password regularly. By default, this administrator account has no password. Failure to maintain the password of the admin administrator account could compromise the security of your FortiGate unit.
For complete access to all commands, you must log in with the administrator account named admin.
See Also
Terminology
Indentation
Notation
Connecting to the CLI
Command syntax
Sub-commands
Tips