fortinet.fortimanager.fmgr_system_admin_profile – Admin profile.
Note
This plugin is part of the fortinet.fortimanager collection (version 2.1.3).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_admin_profile.
New in version 2.10: of fortinet.fortimanager
Synopsis
- This module is able to configure a FortiManager device.
- Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
| Parameter | Choices/Defaults | Comments | ||
|---|---|---|---|---|
| bypass_validation boolean |
| only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters | ||
| enable_log boolean |
| Enable/Disable logging for task | ||
| proposed_method string |
| The overridden method for the underlying Json RPC request | ||
| rc_failed list / elements=string | the rc codes list with which the conditions to fail will be overriden | |||
| rc_succeeded list / elements=string | the rc codes list with which the conditions to succeed will be overriden | |||
| state string / required |
| the directive to create, update or delete an object | ||
| system_admin_profile dictionary | the top level parameters set | |||
| adom-lock string |
| ADOM locking none - No permission. read - Read permission. read-write - Read-write permission. | ||
| adom-policy-packages string |
| ADOM policy packages. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| adom-switch string |
| Administrator domain. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| allow-to-install string |
| Enable/disable the restricted user to install objects to the devices. disable - Disable setting. enable - Enable setting. | ||
| app-filter string |
| App filter. disable - Disable setting. enable - Enable setting. | ||
| assignment string |
| Assignment permission. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| change-password string |
| Enable/disable restricted user to change self password. disable - Disable setting. enable - Enable setting. | ||
| config-retrieve string |
| Configuration retrieve. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| config-revert string |
| Revert Configuration from Revision History none - No permission. read - Read permission. read-write - Read-write permission. | ||
| consistency-check string |
| Consistency check. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| datamask string |
| Enable/disable data masking. disable - Disable data masking. enable - Enable data masking. | ||
| datamask-custom-fields list / elements=string | no description | |||
| field-category list / elements=string |
| no description | ||
| field-name string | Field name. | |||
| field-status string |
| Field status. disable - Disable field. enable - Enable field. | ||
| field-type string |
| Field type. string - String. ip - IP. mac - MAC address. email - Email address. unknown - Unknown. | ||
| datamask-custom-priority string |
| Prioritize custom fields. disable - Disable custom field search priority. enable - Enable custom field search priority. | ||
| datamask-fields list / elements=string |
| no description | ||
| datamask-key string | no description | |||
| datamask-unmasked-time integer | Default: 0 | Time in days without data masking. | ||
| deploy-management string |
| Install to devices. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| description string | Description. | |||
| device-ap string |
| Manage AP. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| device-config string |
| Manage device configurations. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| device-forticlient string |
| Manage FortiClient. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| device-fortiswitch string |
| Manage FortiSwitch. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| device-manager string |
| Device manager. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| device-op string |
| Device add/delete/edit. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| device-policy-package-lock string |
| Device/Policy Package locking none - No permission. read - Read permission. read-write - Read-write permission. | ||
| device-profile string |
| Device profile permission. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| device-revision-deletion string |
| Delete device revision. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| device-wan-link-load-balance string |
| Manage WAN link load balance. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| event-management string |
| Event management. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| extension-access string |
| Manage extension access. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| fabric-viewer string |
| Fabric viewer. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| fgd-center-advanced string |
| FortiGuard Center Advanced. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| fgd-center-fmw-mgmt string |
| FortiGuard Center Firmware Management. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| fgd-center-licensing string |
| FortiGuard Center Licensing. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| fgd_center string |
| FortiGuard Center. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| global-policy-packages string |
| Global policy packages. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| import-policy-packages string |
| Import Policy Package. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| intf-mapping string |
| Interface Mapping none - No permission. read - Read permission. read-write - Read-write permission. | ||
| ips-filter string |
| IPS filter. disable - Disable setting. enable - Enable setting. | ||
| log-viewer string |
| Log viewer. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| policy-objects string |
| Policy objects permission. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| profileid string | Profile ID. | |||
| read-passwd string |
| View password in clear text. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| realtime-monitor string |
| Realtime monitor. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| report-viewer string |
| Report viewer. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| run-report string |
| Run reports. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| scope string |
| Scope. global - Global scope. adom - ADOM scope. | ||
| script-access string |
| Script access. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| set-install-targets string |
| Edit installation targets. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| super-user-profile string |
| Enable/disable super user profile disable - Disable super user profile enable - Enable super user profile | ||
| system-setting string |
| System setting. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| term-access string |
| Terminal access. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| triage-events string |
| Triage events. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| type string |
| profile type. system - System admin. restricted - Restricted admin. | ||
| update-incidents string |
| Create/update incidents. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| vpn-manager string |
| VPN manager. none - No permission. read - Read permission. read-write - Read-write permission. | ||
| web-filter string |
| Web filter. disable - Disable setting. enable - Enable setting. | ||
| workspace_locking_adom string | the adom to lock for FortiManager running in workspace mode, the value can be global and others including root | |||
| workspace_locking_timeout integer | Default: 300 | the maximum time in seconds to wait for other user to release the workspace lock | ||
Notes
Note
- Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
- To create or update an object, use state present directive.
- To delete an object, use state absent directive.
- Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Admin profile.
fmgr_system_admin_profile:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
state: <value in [present, absent]>
system_admin_profile:
adom-lock: <value in [none, read, read-write]>
adom-policy-packages: <value in [none, read, read-write]>
adom-switch: <value in [none, read, read-write]>
app-filter: <value in [disable, enable]>
assignment: <value in [none, read, read-write]>
change-password: <value in [disable, enable]>
config-retrieve: <value in [none, read, read-write]>
config-revert: <value in [none, read, read-write]>
consistency-check: <value in [none, read, read-write]>
datamask: <value in [disable, enable]>
datamask-custom-fields:
-
field-category:
- log
- fortiview
- alert
- ueba
- all
field-name: <value of string>
field-status: <value in [disable, enable]>
field-type: <value in [string, ip, mac, ...]>
datamask-custom-priority: <value in [disable, enable]>
datamask-fields:
- user
- srcip
- srcname
- srcmac
- dstip
- dstname
- email
- message
- domain
datamask-key: <value of string>
deploy-management: <value in [none, read, read-write]>
description: <value of string>
device-ap: <value in [none, read, read-write]>
device-config: <value in [none, read, read-write]>
device-forticlient: <value in [none, read, read-write]>
device-fortiswitch: <value in [none, read, read-write]>
device-manager: <value in [none, read, read-write]>
device-op: <value in [none, read, read-write]>
device-policy-package-lock: <value in [none, read, read-write]>
device-profile: <value in [none, read, read-write]>
device-revision-deletion: <value in [none, read, read-write]>
device-wan-link-load-balance: <value in [none, read, read-write]>
event-management: <value in [none, read, read-write]>
fgd-center-advanced: <value in [none, read, read-write]>
fgd-center-fmw-mgmt: <value in [none, read, read-write]>
fgd-center-licensing: <value in [none, read, read-write]>
fgd_center: <value in [none, read, read-write]>
global-policy-packages: <value in [none, read, read-write]>
import-policy-packages: <value in [none, read, read-write]>
intf-mapping: <value in [none, read, read-write]>
ips-filter: <value in [disable, enable]>
log-viewer: <value in [none, read, read-write]>
policy-objects: <value in [none, read, read-write]>
profileid: <value of string>
read-passwd: <value in [none, read, read-write]>
realtime-monitor: <value in [none, read, read-write]>
report-viewer: <value in [none, read, read-write]>
scope: <value in [global, adom]>
set-install-targets: <value in [none, read, read-write]>
system-setting: <value in [none, read, read-write]>
term-access: <value in [none, read, read-write]>
type: <value in [system, restricted]>
vpn-manager: <value in [none, read, read-write]>
web-filter: <value in [disable, enable]>
datamask-unmasked-time: <value of integer>
super-user-profile: <value in [disable, enable]>
allow-to-install: <value in [disable, enable]>
extension-access: <value in [none, read, read-write]>
fabric-viewer: <value in [none, read, read-write]>
run-report: <value in [none, read, read-write]>
script-access: <value in [none, read, read-write]>
triage-events: <value in [none, read, read-write]>
update-incidents: <value in [none, read, read-write]>
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| request_url string | always | The full url requested Sample: /sys/login/user |
| response_code integer | always | The status of api request |
| response_message string | always | The descriptive message of the api response Sample: OK. |
Authors
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Frank Shen (@fshen01)
- Hongbin Lu (@fgtdev-hblu)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/fortinet/fortimanager/fmgr_system_admin_profile_module.html