Even if it is a single account, a proper set up would be
1. A PAM solution (CyberArk example, or Bitwarden on prem, what ever) for storing shared credentials - users use their own account to login and access said account (audit trail of who and when)
2. RFC / Change process in place. The person who is doing the change, has submitted a proper change request, documenting what is to be changed and why and when, which is then approved by whom ever. This give governance and an audit trail of changes in the environment.
I do understand the desire for accounts on devices, clients I work with, all systems that can, need to be LDAP joined and proper security and resource groups configured for Admins, Read only, auditors , et cetera. Zero trust and people have access they need. It is become a requirement for any type of cyber insurance and it is interesting TrueNAS CORE has not done this.
Sure, we can all trust our admins, and if you dont, they should not be working for you, but their is a very strong need for audit trails for many industries. But in this case, the above 1/2 options should be in place which would cover any need to know who did what and when.