fortinet.fortimanager.fmgr_system_admin_profile – Admin profile.
Note
This plugin is part of the fortinet.fortimanager collection (version 2.0.1).
To install it use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_admin_profile.
New in version 2.10 of fortinet.fortimanager.
Synopsis
- This module is able to configure a FortiManager device.
- Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
Parameter | Choices/Defaults | Comments
---|---|---
bypass_validation boolean | | only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
rc_failed list / elements=string | | the rc codes list with which the conditions to fail will be overridden
rc_succeeded list / elements=string | | the rc codes list with which the conditions to succeed will be overridden
state string / required | | the directive to create, update or delete an object
system_admin_profile dictionary | | the top level parameters set
adom-lock string | | ADOM locking. none - No permission. read - Read permission. read-write - Read-write permission.
adom-policy-packages string | | ADOM policy packages. none - No permission. read - Read permission. read-write - Read-write permission.
adom-switch string | | Administrator domain. none - No permission. read - Read permission. read-write - Read-write permission.
app-filter string | | App filter. disable - Disable setting. enable - Enable setting.
assignment string | | Assignment permission. none - No permission. read - Read permission. read-write - Read-write permission.
change-password string | | Enable/disable restricted user to change self password. disable - Disable setting. enable - Enable setting.
config-retrieve string | | Configuration retrieve. none - No permission. read - Read permission. read-write - Read-write permission.
config-revert string | | Revert Configuration from Revision History. none - No permission. read - Read permission. read-write - Read-write permission.
consistency-check string | | Consistency check. none - No permission. read - Read permission. read-write - Read-write permission.
datamask string | | Enable/disable data masking. disable - Disable data masking. enable - Enable data masking.
datamask-custom-fields list / elements=string | | no description
field-category list / elements=string | | no description
field-name string | | Field name.
field-status string | | Field status. disable - Disable field. enable - Enable field.
field-type string | | Field type. string - String. ip - IP. mac - MAC address. email - Email address. unknown - Unknown.
datamask-custom-priority string | | Prioritize custom fields. disable - Disable custom field search priority. enable - Enable custom field search priority.
datamask-fields list / elements=string | | no description
datamask-key string | | no description
deploy-management string | | Install to devices. none - No permission. read - Read permission. read-write - Read-write permission.
description string | | Description.
device-ap string | | Manage AP. none - No permission. read - Read permission. read-write - Read-write permission.
device-config string | | Manage device configurations. none - No permission. read - Read permission. read-write - Read-write permission.
device-forticlient string | | Manage FortiClient. none - No permission. read - Read permission. read-write - Read-write permission.
device-fortiswitch string | | Manage FortiSwitch. none - No permission. read - Read permission. read-write - Read-write permission.
device-manager string | | Device manager. none - No permission. read - Read permission. read-write - Read-write permission.
device-op string | | Device add/delete/edit. none - No permission. read - Read permission. read-write - Read-write permission.
device-policy-package-lock string | | Device/Policy Package locking. none - No permission. read - Read permission. read-write - Read-write permission.
device-profile string | | Device profile permission. none - No permission. read - Read permission. read-write - Read-write permission.
device-revision-deletion string | | Delete device revision. none - No permission. read - Read permission. read-write - Read-write permission.
device-wan-link-load-balance string | | Manage WAN link load balance. none - No permission. read - Read permission. read-write - Read-write permission.
event-management string | | Event management. none - No permission. read - Read permission. read-write - Read-write permission.
fgd-center-advanced string | | FortiGuard Center Advanced. none - No permission. read - Read permission. read-write - Read-write permission.
fgd-center-fmw-mgmt string | | FortiGuard Center Firmware Management. none - No permission. read - Read permission. read-write - Read-write permission.
fgd-center-licensing string | | FortiGuard Center Licensing. none - No permission. read - Read permission. read-write - Read-write permission.
fgd_center string | | FortiGuard Center. none - No permission. read - Read permission. read-write - Read-write permission.
global-policy-packages string | | Global policy packages. none - No permission. read - Read permission. read-write - Read-write permission.
import-policy-packages string | | Import Policy Package. none - No permission. read - Read permission. read-write - Read-write permission.
intf-mapping string | | Interface Mapping. none - No permission. read - Read permission. read-write - Read-write permission.
ips-filter string | | IPS filter. disable - Disable setting. enable - Enable setting.
log-viewer string | | Log viewer. none - No permission. read - Read permission. read-write - Read-write permission.
policy-objects string | | Policy objects permission. none - No permission. read - Read permission. read-write - Read-write permission.
profileid string | | Profile ID.
read-passwd string | | View password in clear text. none - No permission. read - Read permission. read-write - Read-write permission.
realtime-monitor string | | Realtime monitor. none - No permission. read - Read permission. read-write - Read-write permission.
report-viewer string | | Report viewer. none - No permission. read - Read permission. read-write - Read-write permission.
scope string | | Scope. global - Global scope. adom - ADOM scope.
set-install-targets string | | Edit installation targets. none - No permission. read - Read permission. read-write - Read-write permission.
system-setting string | | System setting. none - No permission. read - Read permission. read-write - Read-write permission.
term-access string | | Terminal access. none - No permission. read - Read permission. read-write - Read-write permission.
type string | | Profile type. system - System admin. restricted - Restricted admin.
vpn-manager string | | VPN manager. none - No permission. read - Read permission. read-write - Read-write permission.
web-filter string | | Web filter. disable - Disable setting. enable - Enable setting.
workspace_locking_adom string | | the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout integer | Default: 300 | the maximum time in seconds to wait for other user to release the workspace lock
Notes
- Workspace locking mode is supported by this FortiManager module; the top-level parameters workspace_locking_adom and workspace_locking_timeout control it.
- To create or update an object, use the state present directive.
- To delete an object, use the state absent directive.
- Normally, running one module can fail when a non-zero rc is returned. You can also override the conditions to fail or succeed with the parameters rc_failed and rc_succeeded.
Examples
```yaml
# Template: every <value ...> placeholder must be replaced before use.
- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: True
    # Certificate validation is disabled in this template; set it to True and
    # trust the FortiManager certificate anywhere outside a lab.
    ansible_httpapi_validate_certs: False
    ansible_httpapi_port: 443
  tasks:
    - name: Admin profile.
      fmgr_system_admin_profile:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        state: <value in [present, absent]>
        system_admin_profile:
          adom-lock: <value in [none, read, read-write]>
          adom-policy-packages: <value in [none, read, read-write]>
          adom-switch: <value in [none, read, read-write]>
          app-filter: <value in [disable, enable]>
          assignment: <value in [none, read, read-write]>
          change-password: <value in [disable, enable]>
          config-retrieve: <value in [none, read, read-write]>
          config-revert: <value in [none, read, read-write]>
          consistency-check: <value in [none, read, read-write]>
          datamask: <value in [disable, enable]>
          datamask-custom-fields:
            - field-category:
                - log
                - fortiview
                - alert
                - ueba
                - all
              field-name: <value of string>
              field-status: <value in [disable, enable]>
              field-type: <value in [string, ip, mac, ...]>
          datamask-custom-priority: <value in [disable, enable]>
          datamask-fields:
            - user
            - srcip
            - srcname
            - srcmac
            - dstip
            - dstname
            - email
            - message
            - domain
          datamask-key: <value of string>
          deploy-management: <value in [none, read, read-write]>
          description: <value of string>
          device-ap: <value in [none, read, read-write]>
          device-config: <value in [none, read, read-write]>
          device-forticlient: <value in [none, read, read-write]>
          device-fortiswitch: <value in [none, read, read-write]>
          device-manager: <value in [none, read, read-write]>
          device-op: <value in [none, read, read-write]>
          device-policy-package-lock: <value in [none, read, read-write]>
          device-profile: <value in [none, read, read-write]>
          device-revision-deletion: <value in [none, read, read-write]>
          device-wan-link-load-balance: <value in [none, read, read-write]>
          event-management: <value in [none, read, read-write]>
          fgd-center-advanced: <value in [none, read, read-write]>
          fgd-center-fmw-mgmt: <value in [none, read, read-write]>
          fgd-center-licensing: <value in [none, read, read-write]>
          fgd_center: <value in [none, read, read-write]>
          global-policy-packages: <value in [none, read, read-write]>
          import-policy-packages: <value in [none, read, read-write]>
          intf-mapping: <value in [none, read, read-write]>
          ips-filter: <value in [disable, enable]>
          log-viewer: <value in [none, read, read-write]>
          policy-objects: <value in [none, read, read-write]>
          profileid: <value of string>
          read-passwd: <value in [none, read, read-write]>
          realtime-monitor: <value in [none, read, read-write]>
          report-viewer: <value in [none, read, read-write]>
          scope: <value in [global, adom]>
          set-install-targets: <value in [none, read, read-write]>
          system-setting: <value in [none, read, read-write]>
          term-access: <value in [none, read, read-write]>
          type: <value in [system, restricted]>
          vpn-manager: <value in [none, read, read-write]>
          web-filter: <value in [disable, enable]>
```
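A concrete instance of the template above, as an added example that is not part of the module documentation: a read-only auditor profile that grants read on the viewing permissions and sets the sensitive ones to none explicitly, with certificate validation left on. The inventory group `fortimanager`, the profile name `audit-readonly` and the variable `vault_datamask_key` are assumptions.

```yaml
# Added example, not from the module documentation.
# Assumed names: inventory group "fortimanager", profile "audit-readonly",
# and the vaulted variable "vault_datamask_key".
- hosts: fortimanager
  connection: httpapi
  gather_facts: false
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true   # verify the FortiManager certificate
    ansible_httpapi_port: 443
  tasks:
    - name: Create a read-only auditor admin profile
      fortinet.fortimanager.fmgr_system_admin_profile:
        state: present
        system_admin_profile:
          profileid: audit-readonly
          description: Read-only access for audit staff
          type: system
          # Visibility the role needs
          log-viewer: read
          report-viewer: read
          event-management: read
          device-manager: read
          policy-objects: read
          adom-policy-packages: read
          # Permissions that change or expose state, set explicitly
          # instead of relying on defaults
          read-passwd: none            # no clear-text password viewing
          term-access: none
          system-setting: none
          deploy-management: none
          device-op: none
          config-revert: none
          device-revision-deletion: none
          # Data masking for the listed fields; key comes from Ansible Vault
          datamask: enable
          datamask-key: "{{ vault_datamask_key }}"
          datamask-fields:
            - user
            - srcip
            - email
```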
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Returned | Description
---|---|---
request_url string | always | The full url requested. Sample: /sys/login/user
response_code integer | always | The status of api request
response_message string | always | The descriptive message of the api response. Sample: OK.
Authors
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Frank Shen (@fshen01)
- Hongbin Lu (@fgtdev-hblu)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/fortinet/fortimanager/fmgr_system_admin_profile_module.html