fortinet.fortimanager.fmgr_system_admin_user – Admin user.
Note
This plugin is part of the fortinet.fortimanager collection (version 2.1.3).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_admin_user.
New in version 2.10 of fortinet.fortimanager
Synopsis
- This module is able to configure a FortiManager device.
- Examples include all parameters and values, which need to be adjusted to data sources before usage.
 
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| bypass_validation (boolean) | | Only set to True when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters. |
| enable_log (boolean) | | Enable/Disable logging for task. |
| proposed_method (string) | | The overridden method for the underlying JSON RPC request. |
| rc_failed (list / elements=string) | | The list of rc codes that overrides the conditions to fail. |
| rc_succeeded (list / elements=string) | | The list of rc codes that overrides the conditions to succeed. |
| state (string / required) | | The directive to create, update or delete an object. |
| system_admin_user (dictionary) | | The top level parameters set. |
| adom (list / elements=string) | | no description |
| adom-name (string) | | Admin domain names. |
| adom-exclude (list / elements=string) | | no description |
| adom-name (string) | | Admin domain names. |
| app-filter (list / elements=string) | | no description |
| app-filter-name (string) | | App filter name. |
| avatar (string) | | Image file for avatar (maximum 4K base64 encoded). |
| ca (string) | | PKI user certificate CA (CA name in local). |
| change-password (string) | | Enable/disable restricted user to change self password. disable - Disable setting. enable - Enable setting. |
| dashboard (list / elements=string) | | no description |
| column (integer) | Default: 0 | Widgets column ID. |
| diskio-content-type (string) | | Disk I/O Monitor widgets chart type. util - bandwidth utilization. iops - the number of I/O requests. blks - the amount of data of I/O requests. |
| diskio-period (string) | | Disk I/O Monitor widgets data period. 1hour - 1 hour. 8hour - 8 hour. 24hour - 24 hour. |
| log-rate-period (string) | | Log receive monitor widgets data period. 2min - 2 minutes. 1hour - 1 hour. 6hours - 6 hours. |
| log-rate-topn (string) | | Log receive monitor widgets number of top items to display. 1 - Top 1. 2 - Top 2. 3 - Top 3. 4 - Top 4. 5 - Top 5. |
| log-rate-type (string) | | Log receive monitor widgets statistics breakdown options. log - Show log rates for each log type. device - Show log rates for each device. |
| moduleid (integer) | Default: 0 | Widget ID. |
| name (string) | | Widget name. |
| num-entries (integer) | Default: 10 | Number of entries. |
| refresh-interval (integer) | Default: 300 | Widgets refresh interval. |
| res-cpu-display (string) | | Widgets CPU display type. average - Average usage of CPU. each - Each usage of CPU. |
| res-period (string) | | Widgets data period. 10min - Last 10 minutes. hour - Last hour. day - Last day. |
| res-view-type (string) | | Widgets data view type. real-time - Real-time view. history - History view. |
| status (string) | | Widgets opened/closed state. close - Widget closed. open - Widget opened. |
| tabid (integer) | Default: 0 | ID of tab where widget is displayed. |
| time-period (string) | | Log Database Monitor widgets data period. 1hour - 1 hour. 8hour - 8 hour. 24hour - 24 hour. |
| widget-type (string) | | Widget type. top-lograte - Log Receive Monitor. sysres - System resources. sysinfo - System Information. licinfo - License Information. jsconsole - CLI Console. sysop - Unit Operation. alert - Alert Message Console. statistics - Statistics. rpteng - Report Engine. raid - Disk Monitor. logrecv - Logs/Data Received. devsummary - Device Summary. logdb-perf - Log Database Performance Monitor. logdb-lag - Log Database Lag Time. disk-io - Disk I/O. log-rcvd-fwd - Log receive and forwarding Monitor. |
| dashboard-tabs (list / elements=string) | | no description |
| name (string) | | Tab name. |
| tabid (integer) | Default: 0 | Tab ID. |
| description (string) | | Description. |
| dev-group (string) | | Device group. |
| email-address (string) | | Email address. |
| ext-auth-accprofile-override (string) | | Allow to use the access profile provided by the remote authentication server. disable - Disable access profile override. enable - Enable access profile override. |
| ext-auth-adom-override (string) | | Allow to use the ADOM provided by the remote authentication server. disable - Disable ADOM override. enable - Enable ADOM override. |
| ext-auth-group-match (string) | | Only administrators belonging to this group can login. |
| first-name (string) | | First name. |
| force-password-change (string) | | Enable/disable force password change on next login. disable - Disable setting. enable - Enable setting. |
| group (string) | | Group name. |
| hidden (integer) | Default: 0 | Hidden administrator. |
| ips-filter (list / elements=string) | | no description |
| ips-filter-name (string) | | IPS filter name. |
| ipv6_trusthost1 (string) | Default: "::/0" | Admin user trusted host IPv6, default ::/0 for all. |
| ipv6_trusthost10 (string) | Default: "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128" | Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. |
| ipv6_trusthost2 (string) | Default: "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128" | Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. |
| ipv6_trusthost3 (string) | Default: "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128" | Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. |
| ipv6_trusthost4 (string) | Default: "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128" | Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. |
| ipv6_trusthost5 (string) | Default: "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128" | Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. |
| ipv6_trusthost6 (string) | Default: "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128" | Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. |
| ipv6_trusthost7 (string) | Default: "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128" | Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. |
| ipv6_trusthost8 (string) | Default: "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128" | Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. |
| ipv6_trusthost9 (string) | Default: "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128" | Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. |
| last-name (string) | | Last name. |
| ldap-server (string) | | LDAP server name. |
| login-max (integer) | Default: 32 | Max login session for this user. |
| meta-data (list / elements=string) | | no description |
| fieldlength (integer) | Default: 0 | Field length. |
| fieldname (string) | | Field name. |
| fieldvalue (string) | | Field value. |
| importance (string) | | Importance. optional - This field is optional. required - This field is required. |
| status (string) | | Status. disabled - This field is disabled. enabled - This field is enabled. |
| mobile-number (string) | | Mobile number. |
| pager-number (string) | | Pager number. |
| password (string) | | no description |
| password-expire (string) | | no description |
| phone-number (string) | | Phone number. |
| policy-package (list / elements=string) | | no description |
| policy-package-name (string) | | Policy package names. |
| profileid (string) | Default: "Restricted_User" | Profile ID. |
| radius_server (string) | | RADIUS server name. |
| restrict-access (string) | | Enable/disable restricted access to development VDOM. disable - Disable setting. enable - Enable setting. |
| restrict-dev-vdom (list / elements=string) | | no description |
| dev-vdom (string) | | Device or device VDOM. |
| rpc-permit (string) | | Set none/read/read-write rpc-permission. read-write - Read-write permission. none - No permission. read - Read-only permission. |
| ssh-public-key1 (string) | | no description |
| ssh-public-key2 (string) | | no description |
| ssh-public-key3 (string) | | no description |
| subject (string) | | PKI user certificate name constraints. |
| tacacs-plus-server (string) | | TACACS+ server name. |
| trusthost1 (string) | Default: "0.0.0.0 0.0.0.0" | Admin user trusted host IP, default 0.0.0.0 0.0.0.0 for all. |
| trusthost10 (string) | Default: "255.255.255.255 255.255.255.255" | Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. |
| trusthost2 (string) | Default: "255.255.255.255 255.255.255.255" | Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. |
| trusthost3 (string) | Default: "255.255.255.255 255.255.255.255" | Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. |
| trusthost4 (string) | Default: "255.255.255.255 255.255.255.255" | Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. |
| trusthost5 (string) | Default: "255.255.255.255 255.255.255.255" | Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. |
| trusthost6 (string) | Default: "255.255.255.255 255.255.255.255" | Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. |
| trusthost7 (string) | Default: "255.255.255.255 255.255.255.255" | Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. |
| trusthost8 (string) | Default: "255.255.255.255 255.255.255.255" | Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. |
| trusthost9 (string) | Default: "255.255.255.255 255.255.255.255" | Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. |
| two-factor-auth (string) | | Enable 2-factor authentication (certificate + password). disable - Disable 2-factor authentication. enable - Enable 2-factor authentication. |
| use-global-theme (string) | | Enable/disable global theme for administration GUI. disable - Disable setting. enable - Enable setting. |
| user-theme (string) | | Color scheme to use for the admin user GUI. blue - Blueberry; green - Kiwi; red - Cherry; melongene - Plum; spring - Spring; summer - Summer; autumn - Autumn; winter - Winter; circuit-board - Circuit Board; calla-lily - Calla Lily; binary-tunnel - Binary Tunnel; mars - Mars; blue-sea - Blue Sea; technology - Technology; landscape - Landscape; twilight - Twilight; canyon - Canyon; northern-light - Northern Light; astronomy - Astronomy; fish - Fish; penguin - Penguin; mountain - Mountain; panda - Panda; parrot - Parrot; cave - Cave; zebra - Zebra; contrast-dark - High Contrast Dark |
| user_type (string) | | User type. local - Local user. radius - RADIUS user. ldap - LDAP user. tacacs-plus - TACACS+ user. pki-auth - PKI user. group - Group user. |
| userid (string) | | User name. |
| web-filter (list / elements=string) | | no description |
| web-filter-name (string) | | Web filter name. |
| wildcard (string) | | Enable/disable wildcard remote authentication. disable - Disable username wildcard. enable - Enable username wildcard. |
| workspace_locking_adom (string) | | The ADOM to lock for FortiManager running in workspace mode; the value can be global and others including root. |
| workspace_locking_timeout (integer) | Default: 300 | The maximum time in seconds to wait for another user to release the workspace lock. |
Notes
Note
- This FortiManager module supports running in workspace locking mode; the top-level parameters workspace_locking_adom and workspace_locking_timeout control it.
- To create or update an object, use the state present directive.
- To delete an object, use the state absent directive.
- Normally, a module run fails when a non-zero rc is returned. You can override the conditions to fail or succeed with the parameters rc_failed and rc_succeeded.
 
Examples
- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Admin user.
     fmgr_system_admin_user:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        state: <value in [present, absent]>
        system_admin_user:
           adom:
             -
                 adom-name: <value of string>
           adom-exclude:
             -
                 adom-name: <value of string>
           app-filter:
             -
                 app-filter-name: <value of string>
           avatar: <value of string>
           ca: <value of string>
           change-password: <value in [disable, enable]>
           dashboard:
             -
                 column: <value of integer>
                 diskio-content-type: <value in [util, iops, blks]>
                 diskio-period: <value in [1hour, 8hour, 24hour]>
                 log-rate-period: <value in [2min , 1hour, 6hours]>
                 log-rate-topn: <value in [1, 2, 3, ...]>
                 log-rate-type: <value in [log, device]>
                 moduleid: <value of integer>
                 name: <value of string>
                 num-entries: <value of integer>
                 refresh-interval: <value of integer>
                 res-cpu-display: <value in [average , each]>
                 res-period: <value in [10min , hour, day]>
                 res-view-type: <value in [real-time , history]>
                 status: <value in [close, open]>
                 tabid: <value of integer>
                 time-period: <value in [1hour, 8hour, 24hour]>
                 widget-type: <value in [top-lograte, sysres, sysinfo, ...]>
           dashboard-tabs:
             -
                 name: <value of string>
                 tabid: <value of integer>
           description: <value of string>
           dev-group: <value of string>
           email-address: <value of string>
           ext-auth-accprofile-override: <value in [disable, enable]>
           ext-auth-adom-override: <value in [disable, enable]>
           ext-auth-group-match: <value of string>
           first-name: <value of string>
           force-password-change: <value in [disable, enable]>
           group: <value of string>
           hidden: <value of integer>
           ips-filter:
             -
                 ips-filter-name: <value of string>
           ipv6_trusthost1: <value of string>
           ipv6_trusthost10: <value of string>
           ipv6_trusthost2: <value of string>
           ipv6_trusthost3: <value of string>
           ipv6_trusthost4: <value of string>
           ipv6_trusthost5: <value of string>
           ipv6_trusthost6: <value of string>
           ipv6_trusthost7: <value of string>
           ipv6_trusthost8: <value of string>
           ipv6_trusthost9: <value of string>
           last-name: <value of string>
           ldap-server: <value of string>
           meta-data:
             -
                 fieldlength: <value of integer>
                 fieldname: <value of string>
                 fieldvalue: <value of string>
                 importance: <value in [optional, required]>
                 status: <value in [disabled, enabled]>
           mobile-number: <value of string>
           pager-number: <value of string>
           password: <value of string>
           password-expire: <value of string>
           phone-number: <value of string>
           policy-package:
             -
                 policy-package-name: <value of string>
           profileid: <value of string>
           radius_server: <value of string>
           restrict-access: <value in [disable, enable]>
           restrict-dev-vdom:
             -
                 dev-vdom: <value of string>
           rpc-permit: <value in [read-write, none, read]>
           ssh-public-key1: <value of string>
           ssh-public-key2: <value of string>
           ssh-public-key3: <value of string>
           subject: <value of string>
           tacacs-plus-server: <value of string>
           trusthost1: <value of string>
           trusthost10: <value of string>
           trusthost2: <value of string>
           trusthost3: <value of string>
           trusthost4: <value of string>
           trusthost5: <value of string>
           trusthost6: <value of string>
           trusthost7: <value of string>
           trusthost8: <value of string>
           trusthost9: <value of string>
           two-factor-auth: <value in [disable, enable]>
           user_type: <value in [local, radius, ldap, ...]>
           userid: <value of string>
           web-filter:
             -
                 web-filter-name: <value of string>
           wildcard: <value in [disable, enable]>
           login-max: <value of integer>
           use-global-theme: <value in [disable, enable]>
           user-theme: <value in [blue, green, red, ...]>
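
A narrower playbook than the full template above, added here as an illustration (it is not part of the collection's documentation). It keeps certificate validation on, replaces the allow-all defaults of trusthost1 and ipv6_trusthost1, and reads the password from a vaulted variable; the userids, the 192.0.2.0/24 management range and the variable vault_fmgr_audit_password are assumptions.

```yaml
# Added example, not from the fortinet.fortimanager documentation.
# Hypothetical values: the userids, the 192.0.2.0/24 management range and
# the vaulted variable vault_fmgr_audit_password.
- hosts: fortimanager-inventory
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true   # the template above sets this to False
    ansible_httpapi_port: 443
  tasks:
    - name: Create a restricted local admin reachable only from the management range
      fortinet.fortimanager.fmgr_system_admin_user:
        state: present
        system_admin_user:
          userid: audit-user                 # hypothetical account name
          user_type: local
          description: Audit account managed by Ansible
          profileid: Restricted_User         # the documented default, set explicitly
          password: "{{ vault_fmgr_audit_password }}"
          force-password-change: enable
          rpc-permit: none
          login-max: 2
          # trusthost1 defaults to "0.0.0.0 0.0.0.0" (all); narrow it.
          trusthost1: "192.0.2.0 255.255.255.0"
          # ipv6_trusthost1 defaults to "::/0" (all); use the documented "none" value.
          ipv6_trusthost1: "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
      no_log: true                           # keep the password out of task output

    - name: Remove an account that is no longer needed
      fortinet.fortimanager.fmgr_system_admin_user:
        state: absent
        system_admin_user:
          userid: former-contractor          # hypothetical account name
```

Only the first entry of each trusted-host family needs changing: trusthost2 through trusthost10 and ipv6_trusthost2 through ipv6_trusthost10 already default to the "none" value listed in the parameter table.
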
Return Values
Common return values are documented here; the following fields are unique to this module:
| Key | Returned | Description |
|---|---|---|
| request_url (string) | always | The full url requested. Sample: /sys/login/user |
| response_code (integer) | always | The status of api request |
| response_message (string) | always | The descriptive message of the api response. Sample: OK. |
Authors
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Frank Shen (@fshen01)
- Hongbin Lu (@fgtdev-hblu)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
 https://docs.ansible.com/ansible/latest/collections/fortinet/fortimanager/fmgr_system_admin_user_module.html