You are reading an unmaintained version of the Ansible documentation. Unmaintained Ansible versions can contain unfixed security vulnerabilities (CVE). Please upgrade to a maintained version. See the latest Ansible documentation.

fortinet.fortimanager.fmgr_system_admin_user module – Admin user.

Note

This module is part of the fortinet.fortimanager collection (version 2.1.5).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_admin_user.

New in version 2.10: of fortinet.fortimanager

Synopsis

• This module is able to configure a FortiManager device.

• Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter	Comments
bypass_validation boolean	only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters Choices: no ← (default) yes
enable_log boolean	Enable/Disable logging for task Choices: no ← (default) yes
proposed_method string	The overridden method for the underlying Json RPC request Choices: update set add
rc_failed list / elements=string	the rc codes list with which the conditions to fail will be overriden
rc_succeeded list / elements=string	the rc codes list with which the conditions to succeed will be overriden
state string / required	the directive to create, update or delete an object Choices: present absent
system_admin_user dictionary	the top level parameters set
adom list / elements=string	Adom.
adom-name string	Admin domain names.
adom-exclude list / elements=string	Adom-Exclude.
adom-name string	Admin domain names.
app-filter list / elements=string	App-Filter.
app-filter-name string	App filter name.
avatar string	Image file for avatar (maximum 4K base64 encoded).
ca string	PKI user certificate CA (CA name in local).
change-password string	Enable/disable restricted user to change self password. disable - Disable setting. enable - Enable setting. Choices: disable ← (default) enable
dashboard list / elements=string	Dashboard.
column integer	Widgets column ID. Default: 0
diskio-content-type string	Disk I/O Monitor widgets chart type. util - bandwidth utilization. iops - the number of I/O requests. blks - the amount of data of I/O requests. Choices: util ← (default) iops blks
diskio-period string	Disk I/O Monitor widgets data period. 1hour - 1 hour. 8hour - 8 hour. 24hour - 24 hour. Choices: 1hour ← (default) 8hour 24hour
log-rate-period string	Log receive monitor widgets data period. 2min - 2 minutes. 1hour - 1 hour. 6hours - 6 hours. Choices: 2min 1hour 6hours
log-rate-topn string	Log receive monitor widgets number of top items to display. 1 - Top 1. 2 - Top 2. 3 - Top 3. 4 - Top 4. 5 - Top 5. Choices: 1 2 3 4 5 ← (default)
log-rate-type string	Log receive monitor widgets statistics breakdown options. log - Show log rates for each log type. device - Show log rates for each device. Choices: log device ← (default)
moduleid integer	Widget ID. Default: 0
name string	Widget name.
num-entries integer	Number of entries. Default: 10
refresh-interval integer	Widgets refresh interval. Default: 300
res-cpu-display string	Widgets CPU display type. average - Average usage of CPU. each - Each usage of CPU. Choices: average ← (default) each
res-period string	Widgets data period. 10min - Last 10 minutes. hour - Last hour. day - Last day. Choices: 10min ← (default) hour day
res-view-type string	Widgets data view type. real-time - Real-time view. history - History view. Choices: real-time history ← (default)
status string	Widgets opened/closed state. close - Widget closed. open - Widget opened. Choices: close open ← (default)
tabid integer	ID of tab where widget is displayed. Default: 0
time-period string	Log Database Monitor widgets data period. 1hour - 1 hour. 8hour - 8 hour. 24hour - 24 hour. Choices: 1hour ← (default) 8hour 24hour
widget-type string	Widget type. top-lograte - Log Receive Monitor. sysres - System resources. sysinfo - System Information. licinfo - License Information. jsconsole - CLI Console. sysop - Unit Operation. alert - Alert Message Console. statistics - Statistics. rpteng - Report Engine. raid - Disk Monitor. logrecv - Logs/Data Received. devsummary - Device Summary. logdb-perf - Log Database Performance Monitor. logdb-lag - Log Database Lag Time. disk-io - Disk I/O. log-rcvd-fwd - Log receive and forwarding Monitor. Choices: top-lograte sysres sysinfo licinfo jsconsole sysop alert statistics rpteng raid logrecv devsummary logdb-perf logdb-lag disk-io log-rcvd-fwd
dashboard-tabs list / elements=string	Dashboard-Tabs.
name string	Tab name.
tabid integer	Tab ID. Default: 0
description string	Description.
dev-group string	device group.
email-address string	Email address.
ext-auth-accprofile-override string	Allow to use the access profile provided by the remote authentication server. disable - Disable access profile override. enable - Enable access profile override. Choices: disable ← (default) enable
ext-auth-adom-override string	Allow to use the ADOM provided by the remote authentication server. disable - Disable ADOM override. enable - Enable ADOM override. Choices: disable ← (default) enable
ext-auth-group-match string	Only administrators belonging to this group can login.
first-name string	First name.
force-password-change string	Enable/disable force password change on next login. disable - Disable setting. enable - Enable setting. Choices: disable ← (default) enable
group string	Group name.
hidden integer	Hidden administrator. Default: 0
ips-filter list / elements=string	Ips-Filter.
ips-filter-name string	IPS filter name.
ipv6_trusthost1 string	Admin user trusted host IPv6, default ::/0 for all. Default: “::/0”
ipv6_trusthost10 string	Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. Default: “ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128”
ipv6_trusthost2 string	Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. Default: “ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128”
ipv6_trusthost3 string	Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. Default: “ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128”
ipv6_trusthost4 string	Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. Default: “ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128”
ipv6_trusthost5 string	Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. Default: “ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128”
ipv6_trusthost6 string	Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. Default: “ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128”
ipv6_trusthost7 string	Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. Default: “ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128”
ipv6_trusthost8 string	Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. Default: “ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128”
ipv6_trusthost9 string	Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. Default: “ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128”
last-name string	Last name.
ldap-server string	LDAP server name.
login-max integer	Max login session for this user. Default: 32
meta-data list / elements=string	Meta-Data.
fieldlength integer	Field length. Default: 0
fieldname string	Field name.
fieldvalue string	Field value.
importance string	Importance. optional - This field is optional. required - This field is required. Choices: optional ← (default) required
status string	Status. disabled - This field is disabled. enabled - This field is enabled. Choices: disabled enabled ← (default)
mobile-number string	Mobile number.
pager-number string	Pager number.
password string	Password.
password-expire string	Password expire time in GMT.
phone-number string	Phone number.
policy-package list / elements=string	Policy-Package.
policy-package-name string	Policy package names.
profileid string	Profile ID. Default: “Restricted_User”
radius_server string	RADIUS server name.
restrict-access string	Enable/disable restricted access to development VDOM. disable - Disable setting. enable - Enable setting. Choices: disable ← (default) enable
restrict-dev-vdom list / elements=string	no description
dev-vdom string	Device or device VDOM.
rpc-permit string	set none/read/read-write rpc-permission. read-write - Read-write permission. none - No permission. read - Read-only permission. Choices: read-write none ← (default) read
ssh-public-key1 string	SSH public key 1.
ssh-public-key2 string	SSH public key 2.
ssh-public-key3 string	SSH public key 3.
subject string	PKI user certificate name constraints.
tacacs-plus-server string	TACACS+ server name.
trusthost1 string	Admin user trusted host IP, default 0.0.0.0 0.0.0.0 for all. Default: “0.0.0.0 0.0.0.0”
trusthost10 string	Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. Default: “255.255.255.255 255.255.255.255”
trusthost2 string	Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. Default: “255.255.255.255 255.255.255.255”
trusthost3 string	Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. Default: “255.255.255.255 255.255.255.255”
trusthost4 string	Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. Default: “255.255.255.255 255.255.255.255”
trusthost5 string	Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. Default: “255.255.255.255 255.255.255.255”
trusthost6 string	Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. Default: “255.255.255.255 255.255.255.255”
trusthost7 string	Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. Default: “255.255.255.255 255.255.255.255”
trusthost8 string	Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. Default: “255.255.255.255 255.255.255.255”
trusthost9 string	Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. Default: “255.255.255.255 255.255.255.255”
two-factor-auth string	Enable 2-factor authentication (certificate + password). disable - Disable 2-factor authentication. enable - Enable 2-factor authentication. Choices: disable ← (default) enable
use-global-theme string	Enable/disble global theme for administration GUI. disable - Disable setting. enable - Enable setting. Choices: disable enable ← (default)
user-theme string	Color scheme to use for the admin user GUI. blue - Blueberry green - Kiwi red - Cherry melongene - Plum spring - Spring summer - Summer autumn - Autumn winter - Winter circuit-board - Circuit Board calla-lily - Calla Lily binary-tunnel - Binary Tunnel mars - Mars blue-sea - Blue Sea technology - Technology landscape - Landscape twilight - Twilight canyon - Canyon northern-light - Northern Light astronomy - Astronomy fish - Fish penguin - Penguin mountain - Mountain panda - Panda parrot - Parrot cave - Cave zebra - Zebra contrast-dark - High Contrast Dark Choices: blue ← (default) green red melongene spring summer autumn winter circuit-board calla-lily binary-tunnel mars blue-sea technology landscape twilight canyon northern-light astronomy fish penguin mountain panda parrot cave zebra contrast-dark
user_type string	User type. local - Local user. radius - RADIUS user. ldap - LDAP user. tacacs-plus - TACACS+ user. pki-auth - PKI user. group - Group user. Choices: local ← (default) radius ldap tacacs-plus pki-auth group sso
userid string	User name.
web-filter list / elements=string	Web-Filter.
web-filter-name string	Web filter name.
wildcard string	Enable/disable wildcard remote authentication. disable - Disable username wildcard. enable - Enable username wildcard. Choices: disable ← (default) enable
workspace_locking_adom string	the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout integer	the maximum time in seconds to wait for other user to release the workspace lock Default: 300

Notes

Note

• Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

• To create or update an object, use state present directive.

• To delete an object, use state absent directive.

• Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- hosts: fortimanager00
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Admin User
     fmgr_system_admin_user:
        state: present
        system_admin_user:
            adom:
             - adom-name: ansible
            userid: 'ansible-test'
   - name: Admin domain.
     fmgr_system_admin_user_adom:
        bypass_validation: False
        user: ansible-test # userid
        state: present
        system_admin_user_adom:
           adom-name: 'ALL ADOMS'

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Description
request_url string	The full url requested Returned: always Sample: “/sys/login/user”
response_code integer	The status of api request Returned: always Sample: 0
response_message string	The descriptive message of the api response Returned: always Sample: “OK.”

Authors

• Link Zheng (@chillancezen)

• Jie Xue (@JieX19)

• Frank Shen (@fshen01)

• Hongbin Lu (@fgtdev-hblu)

Collection links

Issue Tracker Homepage Repository (Sources)