fortinet.fortimanager.fmgr_system_admin_user module – Admin user.

Note

This module is part of the fortinet.fortimanager collection (version 2.1.5).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_admin_user.

New in version 2.10 of fortinet.fortimanager.

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter

Comments

bypass_validation

boolean

Only set to True when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters.

Choices:

  • no ← (default)

  • yes

enable_log

boolean

Enable/Disable logging for task

Choices:

  • no ← (default)

  • yes

proposed_method

string

The overridden method for the underlying JSON RPC request.

Choices:

  • update

  • set

  • add

rc_failed

list / elements=string

The list of rc codes that overrides the conditions to fail.

rc_succeeded

list / elements=string

The list of rc codes that overrides the conditions to succeed.

state

string / required

the directive to create, update or delete an object

Choices:

  • present

  • absent

system_admin_user

dictionary

The top-level parameter set.

adom

list / elements=string

Adom.

adom-name

string

Admin domain names.

adom-exclude

list / elements=string

Adom-Exclude.

adom-name

string

Admin domain names.

app-filter

list / elements=string

App-Filter.

app-filter-name

string

App filter name.

avatar

string

Image file for avatar (maximum 4K base64 encoded).

ca

string

PKI user certificate CA (CA name in local).

change-password

string

Enable/disable allowing a restricted user to change their own password.

disable - Disable setting.

enable - Enable setting.

Choices:

  • disable ← (default)

  • enable

dashboard

list / elements=string

Dashboard.

column

integer

Widgets column ID.

Default: 0

diskio-content-type

string

Disk I/O Monitor widgets chart type.

util - bandwidth utilization.

iops - the number of I/O requests.

blks - the amount of data of I/O requests.

Choices:

  • util ← (default)

  • iops

  • blks

diskio-period

string

Disk I/O Monitor widgets data period.

1hour - 1 hour.

8hour - 8 hours.

24hour - 24 hours.

Choices:

  • 1hour ← (default)

  • 8hour

  • 24hour

log-rate-period

string

Log receive monitor widgets data period.

2min - 2 minutes.

1hour - 1 hour.

6hours - 6 hours.

Choices:

  • 2min

  • 1hour

  • 6hours

log-rate-topn

string

Log receive monitor widgets number of top items to display.

1 - Top 1.

2 - Top 2.

3 - Top 3.

4 - Top 4.

5 - Top 5.

Choices:

  • 1

  • 2

  • 3

  • 4

  • 5 ← (default)

log-rate-type

string

Log receive monitor widgets statistics breakdown options.

log - Show log rates for each log type.

device - Show log rates for each device.

Choices:

  • log

  • device ← (default)

moduleid

integer

Widget ID.

Default: 0

name

string

Widget name.

num-entries

integer

Number of entries.

Default: 10

refresh-interval

integer

Widgets refresh interval.

Default: 300

res-cpu-display

string

Widgets CPU display type.

average - Average usage of CPU.

each - Each usage of CPU.

Choices:

  • average ← (default)

  • each

res-period

string

Widgets data period.

10min - Last 10 minutes.

hour - Last hour.

day - Last day.

Choices:

  • 10min ← (default)

  • hour

  • day

res-view-type

string

Widgets data view type.

real-time - Real-time view.

history - History view.

Choices:

  • real-time

  • history ← (default)

status

string

Widgets opened/closed state.

close - Widget closed.

open - Widget opened.

Choices:

  • close

  • open ← (default)

tabid

integer

ID of tab where widget is displayed.

Default: 0

time-period

string

Log Database Monitor widgets data period.

1hour - 1 hour.

8hour - 8 hours.

24hour - 24 hours.

Choices:

  • 1hour ← (default)

  • 8hour

  • 24hour

widget-type

string

Widget type.

top-lograte - Log Receive Monitor.

sysres - System resources.

sysinfo - System Information.

licinfo - License Information.

jsconsole - CLI Console.

sysop - Unit Operation.

alert - Alert Message Console.

statistics - Statistics.

rpteng - Report Engine.

raid - Disk Monitor.

logrecv - Logs/Data Received.

devsummary - Device Summary.

logdb-perf - Log Database Performance Monitor.

logdb-lag - Log Database Lag Time.

disk-io - Disk I/O.

log-rcvd-fwd - Log receive and forwarding Monitor.

Choices:

  • top-lograte

  • sysres

  • sysinfo

  • licinfo

  • jsconsole

  • sysop

  • alert

  • statistics

  • rpteng

  • raid

  • logrecv

  • devsummary

  • logdb-perf

  • logdb-lag

  • disk-io

  • log-rcvd-fwd

dashboard-tabs

list / elements=string

Dashboard-Tabs.

name

string

Tab name.

tabid

integer

Tab ID.

Default: 0

description

string

Description.

dev-group

string

Device group.

email-address

string

Email address.

ext-auth-accprofile-override

string

Allow to use the access profile provided by the remote authentication server.

disable - Disable access profile override.

enable - Enable access profile override.

Choices:

  • disable ← (default)

  • enable

ext-auth-adom-override

string

Allow to use the ADOM provided by the remote authentication server.

disable - Disable ADOM override.

enable - Enable ADOM override.

Choices:

  • disable ← (default)

  • enable

ext-auth-group-match

string

Only administrators belonging to this group can log in.

first-name

string

First name.

force-password-change

string

Enable/disable force password change on next login.

disable - Disable setting.

enable - Enable setting.

Choices:

  • disable ← (default)

  • enable

group

string

Group name.

hidden

integer

Hidden administrator.

Default: 0

ips-filter

list / elements=string

Ips-Filter.

ips-filter-name

string

IPS filter name.

ipv6_trusthost1

string

Admin user trusted host IPv6, default ::/0 for all.

Default: “::/0”

ipv6_trusthost10

string

Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.

Default: “ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128”

ipv6_trusthost2

string

Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.

Default: “ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128”

ipv6_trusthost3

string

Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.

Default: “ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128”

ipv6_trusthost4

string

Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.

Default: “ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128”

ipv6_trusthost5

string

Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.

Default: “ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128”

ipv6_trusthost6

string

Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.

Default: “ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128”

ipv6_trusthost7

string

Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.

Default: “ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128”

ipv6_trusthost8

string

Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.

Default: “ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128”

ipv6_trusthost9

string

Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.

Default: “ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128”

last-name

string

Last name.

ldap-server

string

LDAP server name.

login-max

integer

Maximum number of login sessions for this user.

Default: 32

meta-data

list / elements=string

Meta-Data.

fieldlength

integer

Field length.

Default: 0

fieldname

string

Field name.

fieldvalue

string

Field value.

importance

string

Importance.

optional - This field is optional.

required - This field is required.

Choices:

  • optional ← (default)

  • required

status

string

Status.

disabled - This field is disabled.

enabled - This field is enabled.

Choices:

  • disabled

  • enabled ← (default)

mobile-number

string

Mobile number.

pager-number

string

Pager number.

password

string

Password.

password-expire

string

Password expire time in GMT.

phone-number

string

Phone number.

policy-package

list / elements=string

Policy-Package.

policy-package-name

string

Policy package names.

profileid

string

Profile ID.

Default: “Restricted_User”

radius_server

string

RADIUS server name.

restrict-access

string

Enable/disable restricted access to development VDOM.

disable - Disable setting.

enable - Enable setting.

Choices:

  • disable ← (default)

  • enable

restrict-dev-vdom

list / elements=string

no description

dev-vdom

string

Device or device VDOM.

rpc-permit

string

Set the RPC permission to none, read or read-write.

read-write - Read-write permission.

none - No permission.

read - Read-only permission.

Choices:

  • read-write

  • none ← (default)

  • read

ssh-public-key1

string

SSH public key 1.

ssh-public-key2

string

SSH public key 2.

ssh-public-key3

string

SSH public key 3.

subject

string

PKI user certificate name constraints.

tacacs-plus-server

string

TACACS+ server name.

trusthost1

string

Admin user trusted host IP, default 0.0.0.0 0.0.0.0 for all.

Default: “0.0.0.0 0.0.0.0”

trusthost10

string

Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.

Default: “255.255.255.255 255.255.255.255”

trusthost2

string

Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.

Default: “255.255.255.255 255.255.255.255”

trusthost3

string

Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.

Default: “255.255.255.255 255.255.255.255”

trusthost4

string

Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.

Default: “255.255.255.255 255.255.255.255”

trusthost5

string

Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.

Default: “255.255.255.255 255.255.255.255”

trusthost6

string

Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.

Default: “255.255.255.255 255.255.255.255”

trusthost7

string

Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.

Default: “255.255.255.255 255.255.255.255”

trusthost8

string

Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.

Default: “255.255.255.255 255.255.255.255”

trusthost9

string

Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.

Default: “255.255.255.255 255.255.255.255”

two-factor-auth

string

Enable 2-factor authentication (certificate + password).

disable - Disable 2-factor authentication.

enable - Enable 2-factor authentication.

Choices:

  • disable ← (default)

  • enable

use-global-theme

string

Enable/disable global theme for administration GUI.

disable - Disable setting.

enable - Enable setting.

Choices:

  • disable

  • enable ← (default)

user-theme

string

Color scheme to use for the admin user GUI.

blue - Blueberry

green - Kiwi

red - Cherry

melongene - Plum

spring - Spring

summer - Summer

autumn - Autumn

winter - Winter

circuit-board - Circuit Board

calla-lily - Calla Lily

binary-tunnel - Binary Tunnel

mars - Mars

blue-sea - Blue Sea

technology - Technology

landscape - Landscape

twilight - Twilight

canyon - Canyon

northern-light - Northern Light

astronomy - Astronomy

fish - Fish

penguin - Penguin

mountain - Mountain

panda - Panda

parrot - Parrot

cave - Cave

zebra - Zebra

contrast-dark - High Contrast Dark

Choices:

  • blue ← (default)

  • green

  • red

  • melongene

  • spring

  • summer

  • autumn

  • winter

  • circuit-board

  • calla-lily

  • binary-tunnel

  • mars

  • blue-sea

  • technology

  • landscape

  • twilight

  • canyon

  • northern-light

  • astronomy

  • fish

  • penguin

  • mountain

  • panda

  • parrot

  • cave

  • zebra

  • contrast-dark

user_type

string

User type.

local - Local user.

radius - RADIUS user.

ldap - LDAP user.

tacacs-plus - TACACS+ user.

pki-auth - PKI user.

group - Group user.

Choices:

  • local ← (default)

  • radius

  • ldap

  • tacacs-plus

  • pki-auth

  • group

  • sso

userid

string

User name.

web-filter

list / elements=string

Web-Filter.

web-filter-name

string

Web filter name.

wildcard

string

Enable/disable wildcard remote authentication.

disable - Disable username wildcard.

enable - Enable username wildcard.

Choices:

  • disable ← (default)

  • enable

workspace_locking_adom

string

The ADOM to lock when FortiManager is running in workspace mode; the value can be global or another ADOM, including root.

workspace_locking_timeout

integer

The maximum time in seconds to wait for another user to release the workspace lock.

Default: 300

Notes

Note

  • This FortiManager module supports running in workspace locking mode; the top-level parameters workspace_locking_adom and workspace_locking_timeout control it.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, a module run can fail when a non-zero rc is returned. You can also override the conditions to fail or succeed with the parameters rc_failed and rc_succeeded.

Examples

- hosts: fortimanager00
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: True
    # Certificate validation is turned off in this example.
    ansible_httpapi_validate_certs: False
    ansible_httpapi_port: 443
  tasks:
    # Create or update the admin user and assign it to the "ansible" ADOM.
    - name: Admin User
      fmgr_system_admin_user:
        state: present
        system_admin_user:
          adom:
            - adom-name: ansible
          userid: 'ansible-test'
    # Add an ADOM entry to that user with the fmgr_system_admin_user_adom module.
    - name: Admin domain.
      fmgr_system_admin_user_adom:
        bypass_validation: False
        user: ansible-test # userid
        state: present
        system_admin_user_adom:
          adom-name: 'ALL ADOMS'
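
A restrictive variant of the first task, added here as an illustration and not taken from the collection's own examples. It uses only parameters documented on this page and overrides the two trusted-host defaults that allow every source address; the user ID, the 192.0.2.0/24 management subnet and the variable vault_fmgr_ops_password are assumptions.

```yaml
- hosts: fortimanager00
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    # Verify the FortiManager certificate before sending credentials.
    ansible_httpapi_validate_certs: true
    ansible_httpapi_port: 443
  tasks:
    - name: Create a restricted admin reachable only from the management subnet
      fmgr_system_admin_user:
        state: present
        system_admin_user:
          userid: 'ansible-ops'                    # constructed user ID
          user_type: local
          # Assumed variable name, expected to be supplied from Ansible Vault.
          password: "{{ vault_fmgr_ops_password }}"
          force-password-change: enable
          profileid: 'Restricted_User'             # documented default, set explicitly
          rpc-permit: none                         # documented default: no RPC permission
          login-max: 2                             # documented default is 32
          adom:
            - adom-name: ansible
          # trusthost1 defaults to "0.0.0.0 0.0.0.0" (all); narrow it.
          trusthost1: '192.0.2.0 255.255.255.0'    # constructed management subnet
          # ipv6_trusthost1 defaults to "::/0" (all); use the documented "none" value.
          ipv6_trusthost1: 'ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128'
          # trusthost2..10 and ipv6_trusthost2..10 already default to "none".
      no_log: true   # keep the password out of task output
```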

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key

Description

request_url

string

The full URL requested.

Returned: always

Sample: “/sys/login/user”

response_code

integer

The status of the API request.

Returned: always

Sample: 0

response_message

string

The descriptive message of the API response.

Returned: always

Sample: “OK.”

Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)