You are reading an unmaintained version of the Ansible documentation. Unmaintained Ansible versions can contain unfixed security vulnerabilities (CVE). Please upgrade to a maintained version. See the latest Ansible documentation.

update Zabbix user groups

Note

This module is part of the community.zabbix collection (version 1.9.3).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.zabbix. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: community.zabbix.zabbix_usergroup.

Synopsis
Requirements
Parameters
Notes
Examples
Return Values

Synopsis 

Create user groups if they do not exist.
Delete existing user groups if they exist and are empty.
Update existing user groups.

Requirements 

The below requirements are needed on the host that executes this module.

python >= 2.6

Parameters 

Parameter	Comments
debug_mode string	Whether debug mode is enabled or disabled. Choices: `"disabled"` ← (default) `"enabled"`
gui_access string	Frontend authentication method of the users in the group. Possible values: default - use the system default authentication method; internal - use internal authentication; LDAP - use LDAP authentication; disable - disable access to the frontend. Choices: `"default"` ← (default) `"internal"` `"LDAP"` `"disable"`
hostgroup_rights list / elements=dictionary	Host group permissions to assign to the user group For => Zabbix 6.2
host_group string / required	Name of the host group to add permission to.
permission string / required	Access level to the host group. Choices: `"denied"` `"read-only"` `"read-write"`
http_login_password string	Basic Auth password
http_login_user string	Basic Auth login
login_password string	Zabbix user password. If not set the environment variable `ZABBIX_PASSWORD` will be used. This option is deprecated with the move to httpapi connection and will be removed in the next release
login_user string	Zabbix user name. If not set the environment variable `ZABBIX_USERNAME` will be used. This option is deprecated with the move to httpapi connection and will be removed in the next release
name aliases: user_group string / required	Name of the user group to create, update or delete.
rights list / elements=dictionary	Permissions to assign to the group For <= Zabbix 6.0
host_group string / required	Name of the host group to add permission to.
permission string / required	Access level to the host group. Choices: `"denied"` `"read-only"` `"read-write"`
server_url aliases: url string	URL of Zabbix server, with protocol (http or https). `url` is an alias for `server_url`. If not set the environment variable `ZABBIX_SERVER` will be used. This option is deprecated with the move to httpapi connection and will be removed in the next release
state string	State of the user group. On `present`, it will create if user group does not exist or update the user group if the associated data is different. On `absent` will remove a user group if it exists. Choices: `"present"` ← (default) `"absent"`
status string	Whether the user group is enabled or disabled. Choices: `"enabled"` ← (default) `"disabled"`
tag_filters list / elements=dictionary	Tag based permissions to assign to the group
host_group string / required	Name of the host group to add permission to.
tag string	Tag name. Default: `""`
value string	Tag value. Default: `""`
templategroup_rights list / elements=dictionary	Template group permissions to assign to the user group For => Zabbix 6.2
permission string / required	Access level to the templategroup. Choices: `"denied"` `"read-only"` `"read-write"`
template_group string / required	Name of the template group to add permission to.
timeout integer	The timeout of API request (seconds). This option is deprecated with the move to httpapi connection and will be removed in the next release The default value is `10`
userdirectory string	Authentication user directory when gui_access set to LDAP or System default. For => Zabbix 6.2
validate_certs boolean	If set to False, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates. If not set the environment variable `ZABBIX_VALIDATE_CERTS` will be used. This option is deprecated with the move to httpapi connection and will be removed in the next release The default value is `true` Choices: `false` `true`

Notes 

Note

Only Zabbix >= 4.0 is supported.
If you use login_password=zabbix, the word “zabbix” is replaced by “********” in all module output, because login_password uses no_log. See this FAQ for more information.

Examples 

# If you want to use Username and Password to be authenticated by Zabbix Server
- name: Set credentials to access Zabbix Server API
  set_fact:
    ansible_user: Admin
    ansible_httpapi_pass: zabbix

# If you want to use API token to be authenticated by Zabbix Server
# https://www.zabbix.com/documentation/current/en/manual/web_interface/frontend_sections/administration/general#api-tokens
- name: Set API token
  set_fact:
    ansible_zabbix_auth_key: 8ec0d52432c15c91fcafe9888500cf9a607f44091ab554dbee860f6b44fac895

# Base create user group example
- name: Create user group
    # set task level variables as we change ansible_connection plugin here
  vars:
    ansible_network_os: community.zabbix.zabbix
    ansible_connection: httpapi
    ansible_httpapi_port: 443
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_zabbix_url_path: 'zabbixeu'  # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http://<FQDN>/zabbixeu
    ansible_host: zabbix-example-fqdn.org
  community.zabbix.zabbix_usergroup:
    name: ACME
    state: present

# Base create user group with selected user directory for LDAP authentication
- name: Create user group
    # set task level variables as we change ansible_connection plugin here
  vars:
    ansible_network_os: community.zabbix.zabbix
    ansible_connection: httpapi
    ansible_httpapi_port: 443
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_zabbix_url_path: 'zabbixeu'  # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http://<FQDN>/zabbixeu
    ansible_host: zabbix-example-fqdn.org
  community.zabbix.zabbix_usergroup:
    name: ACME
    userdirectory: LDAP infra 1
    state: present

# Base create user group with disabled gui access
- name: Create user group with disabled gui access
    # set task level variables as we change ansible_connection plugin here
  vars:
    ansible_network_os: community.zabbix.zabbix
    ansible_connection: httpapi
    ansible_httpapi_port: 443
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_zabbix_url_path: 'zabbixeu'  # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http://<FQDN>/zabbixeu
    ansible_host: zabbix-example-fqdn.org
  community.zabbix.zabbix_usergroup:
    name: ACME
    gui_access: disable

# Base create user group with permissions for Zabbix <= 6.0
- name: Create user group with permissions
    # set task level variables as we change ansible_connection plugin here
  vars:
    ansible_network_os: community.zabbix.zabbix
    ansible_connection: httpapi
    ansible_httpapi_port: 443
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_zabbix_url_path: 'zabbixeu'  # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http://<FQDN>/zabbixeu
    ansible_host: zabbix-example-fqdn.org
  community.zabbix.zabbix_usergroup:
    name: ACME
    rights:
        - host_group: Webserver
          permission: read-write
        - host_group: Databaseserver
          permission: read-only
    state: present

# Base create user group with permissions for Zabbix => 6.2
- name: Create user group with permissions
    # set task level variables as we change ansible_connection plugin here
  vars:
    ansible_network_os: community.zabbix.zabbix
    ansible_connection: httpapi
    ansible_httpapi_port: 443
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_zabbix_url_path: 'zabbixeu'  # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http://<FQDN>/zabbixeu
    ansible_host: zabbix-example-fqdn.org
  community.zabbix.zabbix_usergroup:
    name: ACME
    hostgroup_rights:
        - host_group: Webserver
          permission: read-write
        - host_group: Databaseserver
          permission: read-only
    templategroup_rights:
        - template_group: Linux Templates
          permission: read-write
        - template_group: Templates
          permission: read-only
    state: present

# Base create user group with tag permissions
- name: Create user group with tag permissions
    # set task level variables as we change ansible_connection plugin here
  vars:
    ansible_network_os: community.zabbix.zabbix
    ansible_connection: httpapi
    ansible_httpapi_port: 443
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_zabbix_url_path: 'zabbixeu'  # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http://<FQDN>/zabbixeu
    ansible_host: zabbix-example-fqdn.org
  community.zabbix.zabbix_usergroup:
    name: ACME
    tag_filters:
        - host_group: Webserver
          tag: Application
          value: Java
        - host_group: Discovered hosts
          tag: Service
          value: JIRA
    state: present

# Base delete user groups example
- name: Delete user groups
    # set task level variables as we change ansible_connection plugin here
  vars:
    ansible_network_os: community.zabbix.zabbix
    ansible_connection: httpapi
    ansible_httpapi_port: 443
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_zabbix_url_path: 'zabbixeu'  # If Zabbix WebUI runs on non-default (zabbix) path ,e.g. http://<FQDN>/zabbixeu
    ansible_host: zabbix-example-fqdn.org
  community.zabbix.zabbix_usergroup:
    name: ACME
    state: absent

Return Values 

Common return values are documented here, the following are the fields unique to this module:

Key	Description
msg string	The result of the operation Returned: always Sample: `"User group created: ACME, ID: 42"`
state string	User group state at the end of execution. Returned: on success Sample: `"present"`
usergroup string	User group name. Returned: on success Sample: `"ACME"`
usrgrpid string	User group id, if created, changed or deleted. Returned: on success Sample: `"42"`

Authors

Tobias Birkefeld (@tcraxs)

Collection links

Issue Tracker Homepage Repository (Sources)

community.zabbix.zabbix_usergroup module – Create/delete/update Zabbix user groups

Synopsis

Requirements

Parameters

Notes

Examples

Return Values