fortinet.fortimanager.fmgr_system_admin_profile – Admin profile.
Note
This plugin is part of the fortinet.fortimanager collection (version 2.0.1).
To install it use: `ansible-galaxy collection install fortinet.fortimanager`.
To use it in a playbook, specify: `fortinet.fortimanager.fmgr_system_admin_profile`.
New in version 2.10 of fortinet.fortimanager.
Synopsis
- This module is able to configure a FortiManager device.
- Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
↳ marks a suboption of system_admin_profile; ↳↳ marks a suboption of datamask-custom-fields.

Parameter | Choices/Defaults | Comments |
---|---|---|
bypass_validation (boolean) | | Only set to True when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters. |
rc_failed (list / elements=string) | | The list of rc codes with which the conditions to fail will be overridden. |
rc_succeeded (list / elements=string) | | The list of rc codes with which the conditions to succeed will be overridden. |
state (string / required) | | The directive to create, update or delete an object. |
system_admin_profile (dictionary) | | The top level parameters set. |
↳ adom-lock (string) | | ADOM locking. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ adom-policy-packages (string) | | ADOM policy packages. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ adom-switch (string) | | Administrator domain. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ app-filter (string) | | App filter. disable - Disable setting. enable - Enable setting. |
↳ assignment (string) | | Assignment permission. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ change-password (string) | | Enable/disable restricted user to change self password. disable - Disable setting. enable - Enable setting. |
↳ config-retrieve (string) | | Configuration retrieve. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ config-revert (string) | | Revert Configuration from Revision History. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ consistency-check (string) | | Consistency check. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ datamask (string) | | Enable/disable data masking. disable - Disable data masking. enable - Enable data masking. |
↳ datamask-custom-fields (list / elements=string) | | no description |
↳↳ field-category (list / elements=string) | | no description |
↳↳ field-name (string) | | Field name. |
↳↳ field-status (string) | | Field status. disable - Disable field. enable - Enable field. |
↳↳ field-type (string) | | Field type. string - String. ip - IP. mac - MAC address. email - Email address. unknown - Unknown. |
↳ datamask-custom-priority (string) | | Prioritize custom fields. disable - Disable custom field search priority. enable - Enable custom field search priority. |
↳ datamask-fields (list / elements=string) | | no description |
↳ datamask-key (string) | | no description |
↳ deploy-management (string) | | Install to devices. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ description (string) | | Description. |
↳ device-ap (string) | | Manage AP. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ device-config (string) | | Manage device configurations. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ device-forticlient (string) | | Manage FortiClient. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ device-fortiswitch (string) | | Manage FortiSwitch. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ device-manager (string) | | Device manager. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ device-op (string) | | Device add/delete/edit. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ device-policy-package-lock (string) | | Device/Policy Package locking. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ device-profile (string) | | Device profile permission. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ device-revision-deletion (string) | | Delete device revision. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ device-wan-link-load-balance (string) | | Manage WAN link load balance. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ event-management (string) | | Event management. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ fgd-center-advanced (string) | | FortiGuard Center Advanced. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ fgd-center-fmw-mgmt (string) | | FortiGuard Center Firmware Management. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ fgd-center-licensing (string) | | FortiGuard Center Licensing. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ fgd_center (string) | | FortiGuard Center. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ global-policy-packages (string) | | Global policy packages. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ import-policy-packages (string) | | Import Policy Package. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ intf-mapping (string) | | Interface Mapping. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ ips-filter (string) | | IPS filter. disable - Disable setting. enable - Enable setting. |
↳ log-viewer (string) | | Log viewer. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ policy-objects (string) | | Policy objects permission. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ profileid (string) | | Profile ID. |
↳ read-passwd (string) | | View password in clear text. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ realtime-monitor (string) | | Realtime monitor. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ report-viewer (string) | | Report viewer. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ scope (string) | | Scope. global - Global scope. adom - ADOM scope. |
↳ set-install-targets (string) | | Edit installation targets. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ system-setting (string) | | System setting. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ term-access (string) | | Terminal access. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ type (string) | | Profile type. system - System admin. restricted - Restricted admin. |
↳ vpn-manager (string) | | VPN manager. none - No permission. read - Read permission. read-write - Read-write permission. |
↳ web-filter (string) | | Web filter. disable - Disable setting. enable - Enable setting. |
workspace_locking_adom (string) | | The ADOM to lock for FortiManager running in workspace mode; the value can be global and others including root. |
workspace_locking_timeout (integer) | Default: 300 | The maximum time in seconds to wait for other user to release the workspace lock. |
Notes
- Running in workspace locking mode is supported in this FortiManager module; the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
- To create or update an object, use the state present directive.
- To delete an object, use the state absent directive.
- Normally, running one module can fail when a non-zero rc is returned. You can also override the conditions to fail or succeed with the parameters rc_failed and rc_succeeded.
Examples
```yaml
- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: True
    # False disables TLS certificate verification; set to True outside a lab
    ansible_httpapi_validate_certs: False
    ansible_httpapi_port: 443
  tasks:
    - name: Admin profile.
      fmgr_system_admin_profile:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        state: <value in [present, absent]>
        system_admin_profile:
          adom-lock: <value in [none, read, read-write]>
          adom-policy-packages: <value in [none, read, read-write]>
          adom-switch: <value in [none, read, read-write]>
          app-filter: <value in [disable, enable]>
          assignment: <value in [none, read, read-write]>
          change-password: <value in [disable, enable]>
          config-retrieve: <value in [none, read, read-write]>
          config-revert: <value in [none, read, read-write]>
          consistency-check: <value in [none, read, read-write]>
          datamask: <value in [disable, enable]>
          datamask-custom-fields:
            -
              field-category:
                - log
                - fortiview
                - alert
                - ueba
                - all
              field-name: <value of string>
              field-status: <value in [disable, enable]>
              field-type: <value in [string, ip, mac, ...]>
          datamask-custom-priority: <value in [disable, enable]>
          datamask-fields:
            - user
            - srcip
            - srcname
            - srcmac
            - dstip
            - dstname
            - email
            - message
            - domain
          datamask-key: <value of string>
          deploy-management: <value in [none, read, read-write]>
          description: <value of string>
          device-ap: <value in [none, read, read-write]>
          device-config: <value in [none, read, read-write]>
          device-forticlient: <value in [none, read, read-write]>
          device-fortiswitch: <value in [none, read, read-write]>
          device-manager: <value in [none, read, read-write]>
          device-op: <value in [none, read, read-write]>
          device-policy-package-lock: <value in [none, read, read-write]>
          device-profile: <value in [none, read, read-write]>
          device-revision-deletion: <value in [none, read, read-write]>
          device-wan-link-load-balance: <value in [none, read, read-write]>
          event-management: <value in [none, read, read-write]>
          fgd-center-advanced: <value in [none, read, read-write]>
          fgd-center-fmw-mgmt: <value in [none, read, read-write]>
          fgd-center-licensing: <value in [none, read, read-write]>
          fgd_center: <value in [none, read, read-write]>
          global-policy-packages: <value in [none, read, read-write]>
          import-policy-packages: <value in [none, read, read-write]>
          intf-mapping: <value in [none, read, read-write]>
          ips-filter: <value in [disable, enable]>
          log-viewer: <value in [none, read, read-write]>
          policy-objects: <value in [none, read, read-write]>
          profileid: <value of string>
          read-passwd: <value in [none, read, read-write]>
          realtime-monitor: <value in [none, read, read-write]>
          report-viewer: <value in [none, read, read-write]>
          scope: <value in [global, adom]>
          set-install-targets: <value in [none, read, read-write]>
          system-setting: <value in [none, read, read-write]>
          term-access: <value in [none, read, read-write]>
          type: <value in [system, restricted]>
          vpn-manager: <value in [none, read, read-write]>
          web-filter: <value in [disable, enable]>
```
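An added example, not part of the collection's documentation: a concrete read-only auditor profile built from the parameters above, with the permissions that expose secrets or change device state set explicitly to none. The profile name `audit-readonly`, the description and the selection of permissions an auditor needs are assumptions; certificate validation is switched on here.

```yaml
# Added example: least-privilege, read-only admin profile.
- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: True
    ansible_httpapi_validate_certs: True   # verify the FortiManager certificate
    ansible_httpapi_port: 443
  tasks:
    - name: Create or update a read-only auditor profile
      fmgr_system_admin_profile:
        state: present
        system_admin_profile:
          profileid: audit-readonly        # constructed name (assumption)
          description: Read-only access for configuration audits
          type: system
          # Visibility an auditor needs (assumed set; adjust to your review scope)
          device-manager: read
          device-config: read
          adom-policy-packages: read
          policy-objects: read
          log-viewer: read
          report-viewer: read
          event-management: read
          # Secrets and interactive access stay off
          read-passwd: none                # "View password in clear text"
          term-access: none                # "Terminal access"
          # Nothing that installs, reverts, deletes or reconfigures
          system-setting: none
          deploy-management: none          # "Install to devices"
          device-op: none                  # "Device add/delete/edit"
          config-revert: none
          device-revision-deletion: none
          set-install-targets: none
```

Setting the sensitive permissions explicitly, rather than omitting them, keeps the playbook authoritative if the profile already exists with broader rights.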
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
request_url (string) | always | The full url requested. Sample: /sys/login/user |
response_code (integer) | always | The status of api request |
response_message (string) | always | The descriptive message of the api response. Sample: OK. |
Authors
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Frank Shen (@fshen01)
- Hongbin Lu (@fgtdev-hblu)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/fortinet/fortimanager/fmgr_system_admin_profile_module.html