fortinet.fortimanager.fmgr_system_admin_user module – Admin user.
Note
This module is part of the fortinet.fortimanager collection (version 2.7.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install fortinet.fortimanager
.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_admin_user
.
New in fortinet.fortimanager 2.0.0
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
Parameter |
Comments |
---|---|
The token to access FortiManager without using username and password. |
|
Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices:
|
|
Enable/Disable logging for task. Choices:
|
|
Authenticate Ansible client with forticloud API access token. |
|
The overridden method for the underlying Json RPC request. Choices:
|
|
The rc codes list with which the conditions to fail will be overriden. |
|
The rc codes list with which the conditions to succeed will be overriden. |
|
The directive to create, update or delete an object. Choices:
|
|
The top level parameters set. |
|
Adom. |
|
Deprecated, please rename it to adom_name. Admin domain names. |
|
Deprecated, please rename it to adom_access. set all/specify/exclude adom access mode. all - All ADOMs access. specify - Specify ADOMs access. exclude - Exclude ADOMs access. Choices:
|
|
Deprecated, please rename it to adom_exclude. Adom exclude. |
|
Deprecated, please rename it to adom_name. Admin domain names. |
|
Deprecated, please rename it to app_filter. App filter. |
|
Deprecated, please rename it to app_filter_name. App filter name. |
|
Image file for avatar |
|
PKI user certificate CA |
|
Deprecated, please rename it to change_password. Enable/disable restricted user to change self password. disable - Disable setting. enable - Enable setting. Choices:
|
|
Deprecated, please rename it to cors_allow_origin. Access-Control-Allow-Origin. |
|
Dashboard. |
|
Widgets column ID. |
|
Deprecated, please rename it to diskio_content_type. Disk I/O Monitor widgets chart type. util - bandwidth utilization. iops - the number of I/O requests. blks - the amount of data of I/O requests. Choices:
|
|
Deprecated, please rename it to diskio_period. Disk I/O Monitor widgets data period. 1hour - 1 hour. 8hour - 8 hour. 24hour - 24 hour. Choices:
|
|
Deprecated, please rename it to log_rate_period. Log receive monitor widgets data period. 2min - 2 minutes. 1hour - 1 hour. 6hours - 6 hours. Choices:
|
|
Deprecated, please rename it to log_rate_topn. Log receive monitor widgets number of top items to display. 1 - Top 1. 2 - Top 2. 3 - Top 3. 4 - Top 4. 5 - Top 5. Choices:
|
|
Deprecated, please rename it to log_rate_type. Log receive monitor widgets statistics breakdown options. log - Show log rates for each log type. device - Show log rates for each device. Choices:
|
|
Widget ID. |
|
Widget name. |
|
Deprecated, please rename it to num_entries. Number of entries. |
|
Deprecated, please rename it to refresh_interval. Widgets refresh interval. |
|
Deprecated, please rename it to res_cpu_display. Widgets CPU display type. average - Average usage of CPU. each - Each usage of CPU. Choices:
|
|
Deprecated, please rename it to res_period. Widgets data period. 10min - Last 10 minutes. hour - Last hour. day - Last day. Choices:
|
|
Deprecated, please rename it to res_view_type. Widgets data view type. real-time - Real-time view. history - History view. Choices:
|
|
Widgets opened/closed state. close - Widget closed. open - Widget opened. Choices:
|
|
ID of tab where widget is displayed. |
|
Deprecated, please rename it to time_period. Log Database Monitor widgets data period. 1hour - 1 hour. 8hour - 8 hour. 24hour - 24 hour. Choices:
|
|
Deprecated, please rename it to widget_type. Widget type. top-lograte - Log Receive Monitor. sysres - System resources. sysinfo - System Information. licinfo - License Information. jsconsole - CLI Console. sysop - Unit Operation. alert - Alert Message Console. statistics - Statistics. rpteng - Report Engine. raid - Disk Monitor. logrecv - Logs/Data Received. devsummary - Device Summary. logdb-perf - Log Database Performance Monitor. logdb-lag - Log Database Lag Time. disk-io - Disk I/O. log-rcvd-fwd - Log receive and forwarding Monitor. Choices:
|
|
Deprecated, please rename it to dashboard_tabs. Dashboard tabs. |
|
Tab name. |
|
Tab ID. |
|
Description. |
|
Deprecated, please rename it to dev_group. Device group. |
|
Deprecated, please rename it to email_address. Email address. |
|
Deprecated, please rename it to ext_auth_accprofile_override. Allow to use the access profile provided by the remote authentication server. disable - Disable access profile override. enable - Enable access profile override. Choices:
|
|
Deprecated, please rename it to ext_auth_adom_override. Allow to use the ADOM provided by the remote authentication server. disable - Disable ADOM override. enable - Enable ADOM override. Choices:
|
|
Deprecated, please rename it to ext_auth_group_match. Only administrators belonging to this group can login. |
|
PKI user certificate fingerprint |
|
Deprecated, please rename it to first_name. First name. |
|
Deprecated, please rename it to force_password_change. Enable/disable force password change on next login. disable - Disable setting. enable - Enable setting. Choices:
|
|
Enable/disble FortiAI. disable - Disable setting. enable - Enable setting. Choices:
|
|
Group name. |
|
Hidden administrator. |
|
Deprecated, please rename it to ips_filter. Ips filter. |
|
Deprecated, please rename it to ips_filter_name. IPS filter name. |
|
Admin user trusted host IPv6, default |
|
Admin user trusted host IPv6, default ffff |
|
Admin user trusted host IPv6, default ffff |
|
Admin user trusted host IPv6, default ffff |
|
Admin user trusted host IPv6, default ffff |
|
Admin user trusted host IPv6, default ffff |
|
Admin user trusted host IPv6, default ffff |
|
Admin user trusted host IPv6, default ffff |
|
Admin user trusted host IPv6, default ffff |
|
Admin user trusted host IPv6, default ffff |
|
Deprecated, please rename it to last_name. Last name. |
|
Deprecated, please rename it to ldap_server. LDAP server name. |
|
Deprecated, please rename it to login_max. Max login session for this user. |
|
Deprecated, please rename it to meta_data. Meta data. |
|
Field length. |
|
Field name. |
|
Field value. |
|
Importance. optional - This field is optional. required - This field is required. Choices:
|
|
Status. disabled - This field is disabled. enabled - This field is enabled. Choices:
|
|
Deprecated, please rename it to mobile_number. Mobile number. |
|
Deprecated, please rename it to pager_number. Pager number. |
|
(list) Password. |
|
(list or str) Deprecated, please rename it to password_expire. Password expire time in GMT. |
|
Deprecated, please rename it to phone_number. Phone number. |
|
Deprecated, please rename it to policy_block. Policy block. |
|
Deprecated, please rename it to policy_block_name. Policy block names. |
|
Deprecated, please rename it to policy_package. Policy package. |
|
Deprecated, please rename it to policy_package_name. Policy package names. |
|
Profile ID. |
|
RADIUS server name. |
|
Deprecated, please rename it to restrict_access. Enable/disable restricted access to development VDOM. disable - Disable setting. enable - Enable setting. Choices:
|
|
Deprecated, please rename it to restrict_dev_vdom. Restrict dev vdom. |
|
Deprecated, please rename it to dev_vdom. Device or device VDOM. |
|
Deprecated, please rename it to rpc_permit. set none/read/read-write rpc-permission. read-write - Read-write permission. none - No permission. read - Read-only permission. Choices:
|
|
(list) Deprecated, please rename it to ssh_public_key1. SSH public key 1. |
|
(list) Deprecated, please rename it to ssh_public_key2. SSH public key 2. |
|
(list) Deprecated, please rename it to ssh_public_key3. SSH public key 3. |
|
PKI user certificate name constraints. |
|
Deprecated, please rename it to tacacs_plus_server. TACACS+ server name. |
|
Deprecated, please rename it to th_from_profile. Internal use only |
|
Deprecated, please rename it to th6_from_profile. Internal use only |
|
Admin user trusted host IP, default 0. |
|
Admin user trusted host IP, default 255. |
|
Admin user trusted host IP, default 255. |
|
Admin user trusted host IP, default 255. |
|
Admin user trusted host IP, default 255. |
|
Admin user trusted host IP, default 255. |
|
Admin user trusted host IP, default 255. |
|
Admin user trusted host IP, default 255. |
|
Admin user trusted host IP, default 255. |
|
Admin user trusted host IP, default 255. |
|
Deprecated, please rename it to two_factor_auth. Enable 2-factor authentication disable - Disable 2-factor authentication. enable - Enable 2-factor authentication. Choices:
|
|
Deprecated, please rename it to use_global_theme. Enable/disble global theme for administration GUI. disable - Disable setting. enable - Enable setting. Choices:
|
|
Deprecated, please rename it to user_theme. Color scheme to use for the admin user GUI. blue - Blueberry green - Kiwi red - Cherry melongene - Plum spring - Spring summer - Summer autumn - Autumn winter - Winter circuit-board - Circuit Board calla-lily - Calla Lily binary-tunnel - Binary Tunnel mars - Mars blue-sea - Blue Sea technology - Technology landscape - Landscape twilight - Twilight canyon - Canyon northern-light - Northern Light astronomy - Astronomy fish - Fish penguin - Penguin mountain - Mountain panda - Panda parrot - Parrot cave - Cave zebra - Zebra contrast-dark - High Contrast Dark Choices:
|
|
User type. local - Local user. radius - RADIUS user. ldap - LDAP user. tacacs-plus - TACACS+ user. pki-auth - PKI user. group - Group user. Choices:
|
|
User name. |
|
Deprecated, please rename it to web_filter. Web filter. |
|
Deprecated, please rename it to web_filter_name. Web filter name. |
|
Enable/disable wildcard remote authentication. disable - Disable username wildcard. enable - Enable username wildcard. Choices:
|
|
The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. |
|
The maximum time in seconds to wait for other user to release the workspace lock. Default: |
Notes
Note
Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state present directive.
To delete an object, use state absent directive.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- name: Example playbook
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Admin User
fortinet.fortimanager.fmgr_system_admin_user:
state: present
system_admin_user:
adom:
- adom-name: ansible
userid: "ansible-test"
- name: Admin domain.
fortinet.fortimanager.fmgr_system_admin_user_adom:
bypass_validation: false
user: ansible-test # userid
state: present
system_admin_user_adom:
adom-name: "ALL ADOMS"
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The result of the request. Returned: always |
|
The full url requested. Returned: always Sample: |
|
The status of api request. Returned: always Sample: |
|
The api response. Returned: always |
|
The descriptive message of the api response. Returned: always Sample: |
|
The information of the target system. Returned: always |
|
The status the request. Returned: always Sample: |
|
Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex |