fortinet.fortimanager.fmgr_system_admin_user module – Admin user.

Note

This module is part of the fortinet.fortimanager collection (version 2.8.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_admin_user.

New in fortinet.fortimanager 2.0.0

Synopsis

• This module is able to configure a FortiManager device.

• Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter	Comments
access_token string	The token to access FortiManager without using username and password.
bypass_validation boolean	Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices: false ← (default) true
enable_log boolean	Enable/Disable logging for task. Choices: false ← (default) true
forticloud_access_token string	Authenticate Ansible client with forticloud API access token.
proposed_method string	The overridden method for the underlying Json RPC request. Choices: "update" "set" "add"
rc_failed list / elements=integer	The rc codes list with which the conditions to fail will be overriden.
rc_succeeded list / elements=integer	The rc codes list with which the conditions to succeed will be overriden.
state string / required	The directive to create, update or delete an object. Choices: "present" "absent"
system_admin_user dictionary	The top level parameters set.
adom list / elements=dictionary	Adom.
adom_name string	Admin domain names.
adom_access string	set all/specify/exclude adom access mode. all - All ADOMs access. specify - Specify ADOMs access. exclude - Exclude ADOMs access. Choices: "all" "specify" "exclude" "per-adom-profile"
adom_exclude list / elements=dictionary	Adom exclude.
adom_name string	Admin domain names.
app_filter list / elements=dictionary	App filter.
app_filter_name string	App filter name.
avatar string	Image file for avatar
ca string	PKI user certificate CA
change_password string	Enable/disable restricted user to change self password. disable - Disable setting. enable - Enable setting. Choices: "disable" "enable"
cors_allow_origin string	Access-Control-Allow-Origin.
dashboard list / elements=dictionary	Dashboard.
column integer	Widgets column ID.
diskio_content_type string	Disk I/O Monitor widgets chart type. util - bandwidth utilization. iops - the number of I/O requests. blks - the amount of data of I/O requests. Choices: "util" "iops" "blks"
diskio_period string	Disk I/O Monitor widgets data period. 1hour - 1 hour. 8hour - 8 hour. 24hour - 24 hour. Choices: "1hour" "8hour" "24hour"
log_rate_period string	Log receive monitor widgets data period. 2min - 2 minutes. 1hour - 1 hour. 6hours - 6 hours. Choices: "2min" "1hour" "6hours"
log_rate_topn string	Log receive monitor widgets number of top items to display. 1 - Top 1. 2 - Top 2. 3 - Top 3. 4 - Top 4. 5 - Top 5. Choices: "1" "2" "3" "4" "5"
log_rate_type string	Log receive monitor widgets statistics breakdown options. log - Show log rates for each log type. device - Show log rates for each device. Choices: "log" "device"
moduleid integer	Widget ID.
name string	Widget name.
num_entries integer	Number of entries.
refresh_interval integer	Widgets refresh interval.
res_cpu_display string	Widgets CPU display type. average - Average usage of CPU. each - Each usage of CPU. Choices: "average" "each"
res_period string	Widgets data period. 10min - Last 10 minutes. hour - Last hour. day - Last day. Choices: "10min" "hour" "day"
res_view_type string	Widgets data view type. real-time - Real-time view. history - History view. Choices: "real-time" "history"
status string	Widgets opened/closed state. close - Widget closed. open - Widget opened. Choices: "close" "open"
tabid integer	ID of tab where widget is displayed.
time_period string	Log Database Monitor widgets data period. 1hour - 1 hour. 8hour - 8 hour. 24hour - 24 hour. Choices: "1hour" "8hour" "24hour"
widget_type string	Widget type. top-lograte - Log Receive Monitor. sysres - System resources. sysinfo - System Information. licinfo - License Information. jsconsole - CLI Console. sysop - Unit Operation. alert - Alert Message Console. statistics - Statistics. rpteng - Report Engine. raid - Disk Monitor. logrecv - Logs/Data Received. devsummary - Device Summary. logdb-perf - Log Database Performance Monitor. logdb-lag - Log Database Lag Time. disk-io - Disk I/O. log-rcvd-fwd - Log receive and forwarding Monitor. Choices: "top-lograte" "sysres" "sysinfo" "licinfo" "jsconsole" "sysop" "alert" "statistics" "rpteng" "raid" "logrecv" "devsummary" "logdb-perf" "logdb-lag" "disk-io" "log-rcvd-fwd"
dashboard_tabs list / elements=dictionary	Dashboard tabs.
name string	Tab name.
tabid integer	Tab ID.
description string	Description.
dev_group string	Device group.
email_address string	Email address.
ext_auth_accprofile_override string	Allow to use the access profile provided by the remote authentication server. disable - Disable access profile override. enable - Enable access profile override. Choices: "disable" "enable"
ext_auth_adom_override string	Allow to use the ADOM provided by the remote authentication server. disable - Disable ADOM override. enable - Enable ADOM override. Choices: "disable" "enable"
ext_auth_group_match string	Only administrators belonging to this group can login.
fingerprint string	PKI user certificate fingerprint
first_name string	First name.
force_password_change string	Enable/disable force password change on next login. disable - Disable setting. enable - Enable setting. Choices: "disable" "enable"
fortiai string	Enable/disble FortiAI. disable - Disable setting. enable - Enable setting. Choices: "disable" "enable"
group string	Group name.
hidden integer	Hidden administrator.
ips_filter list / elements=dictionary	Ips filter.
ips_filter_name string	IPS filter name.
ipv6_trusthost1 string	Admin user trusted host IPv6, default
ipv6_trusthost10 string	Admin user trusted host IPv6, default ffff
ipv6_trusthost2 string	Admin user trusted host IPv6, default ffff
ipv6_trusthost3 string	Admin user trusted host IPv6, default ffff
ipv6_trusthost4 string	Admin user trusted host IPv6, default ffff
ipv6_trusthost5 string	Admin user trusted host IPv6, default ffff
ipv6_trusthost6 string	Admin user trusted host IPv6, default ffff
ipv6_trusthost7 string	Admin user trusted host IPv6, default ffff
ipv6_trusthost8 string	Admin user trusted host IPv6, default ffff
ipv6_trusthost9 string	Admin user trusted host IPv6, default ffff
last_name string	Last name.
ldap_server string	LDAP server name.
login_max integer	Max login session for this user.
meta_data list / elements=dictionary	Meta data.
fieldlength integer	Field length.
fieldname string	Field name.
fieldvalue string	Field value.
importance string	Importance. optional - This field is optional. required - This field is required. Choices: "optional" "required"
status string	Status. disabled - This field is disabled. enabled - This field is enabled. Choices: "disabled" "enabled"
mobile_number string	Mobile number.
pager_number string	Pager number.
password any	(list) Password.
password_expire any	(list or str) Password expire time in GMT.
phone_number string	Phone number.
policy_block list / elements=dictionary	Policy block.
policy_block_name string	Policy block names.
policy_package list / elements=dictionary	Policy package.
policy_package_name string	Policy package names.
profileid string	Profile ID.
radius_server string	RADIUS server name.
restrict_access string	Enable/disable restricted access to development VDOM. disable - Disable setting. enable - Enable setting. Choices: "disable" "enable"
restrict_dev_vdom list / elements=dictionary	Restrict dev vdom.
dev_vdom string	Device or device VDOM.
rpc_permit string	set none/read/read-write rpc-permission. read-write - Read-write permission. none - No permission. read - Read-only permission. Choices: "read-write" "none" "read" "from-profile"
ssh_public_key1 any	(list) SSH public key 1.
ssh_public_key2 any	(list) SSH public key 2.
ssh_public_key3 any	(list) SSH public key 3.
subject string	PKI user certificate name constraints.
tacacs_plus_server string	TACACS+ server name.
th6_from_profile integer	Internal use only
th_from_profile integer	Internal use only
trusthost1 string	Admin user trusted host IP, default 0.
trusthost10 string	Admin user trusted host IP, default 255.
trusthost2 string	Admin user trusted host IP, default 255.
trusthost3 string	Admin user trusted host IP, default 255.
trusthost4 string	Admin user trusted host IP, default 255.
trusthost5 string	Admin user trusted host IP, default 255.
trusthost6 string	Admin user trusted host IP, default 255.
trusthost7 string	Admin user trusted host IP, default 255.
trusthost8 string	Admin user trusted host IP, default 255.
trusthost9 string	Admin user trusted host IP, default 255.
two_factor_auth string	Enable 2-factor authentication disable - Disable 2-factor authentication. enable - Enable 2-factor authentication. Choices: "disable" "enable" "password" "ftc-ftm" "ftc-email" "ftc-sms"
use_global_theme string	Enable/disble global theme for administration GUI. disable - Disable setting. enable - Enable setting. Choices: "disable" "enable"
user_theme string	Color scheme to use for the admin user GUI. blue - Blueberry green - Kiwi red - Cherry melongene - Plum spring - Spring summer - Summer autumn - Autumn winter - Winter circuit-board - Circuit Board calla-lily - Calla Lily binary-tunnel - Binary Tunnel mars - Mars blue-sea - Blue Sea technology - Technology landscape - Landscape twilight - Twilight canyon - Canyon northern-light - Northern Light astronomy - Astronomy fish - Fish penguin - Penguin mountain - Mountain panda - Panda parrot - Parrot cave - Cave zebra - Zebra contrast-dark - High Contrast Dark Choices: "blue" "green" "red" "melongene" "spring" "summer" "autumn" "winter" "circuit-board" "calla-lily" "binary-tunnel" "mars" "blue-sea" "technology" "landscape" "twilight" "canyon" "northern-light" "astronomy" "fish" "penguin" "mountain" "panda" "parrot" "cave" "zebra" "contrast-dark" "mariner" "jade" "neutrino" "dark-matter" "forest" "cat" "graphite"
user_type string	User type. local - Local user. radius - RADIUS user. ldap - LDAP user. tacacs-plus - TACACS+ user. pki-auth - PKI user. group - Group user. Choices: "local" "radius" "ldap" "tacacs-plus" "pki-auth" "group" "sso" "api"
userid string / required	User name.
web_filter list / elements=dictionary	Web filter.
web_filter_name string	Web filter name.
wildcard string	Enable/disable wildcard remote authentication. disable - Disable username wildcard. enable - Enable username wildcard. Choices: "disable" "enable"
workspace_locking_adom string	The adom to lock for FortiManager running in workspace mode, the value can be global and others including root.
workspace_locking_timeout integer	The maximum time in seconds to wait for other user to release the workspace lock. Default: 300

Notes

Note

• Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.

• Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

• To create or update an object, use state present directive.

• To delete an object, use state absent directive.

• Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- name: Example playbook
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Admin User
      fortinet.fortimanager.fmgr_system_admin_user:
        state: present
        system_admin_user:
          adom:
            - adom-name: ansible
          userid: "ansible-test"
    - name: Admin domain.
      fortinet.fortimanager.fmgr_system_admin_user_adom:
        bypass_validation: false
        user: ansible-test # userid
        state: present
        system_admin_user_adom:
          adom-name: "ALL ADOMS"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Description
meta dictionary	The result of the request. Returned: always
request_url string	The full url requested. Returned: always Sample: "/sys/login/user"
response_code integer	The status of api request. Returned: always Sample: 0
response_data list / elements=string	The api response. Returned: always
response_message string	The descriptive message of the api response. Returned: always Sample: "OK."
system_information dictionary	The information of the target system. Returned: always
rc integer	The status the request. Returned: always Sample: 0
version_check_warning list / elements=string	Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex

Authors

• Xinwei Du (@dux-fortinet)

• Xing Li (@lix-fortinet)

• Jie Xue (@JieX19)

• Link Zheng (@chillancezen)

• Frank Shen (@fshen01)

• Hongbin Lu (@fgtdev-hblu)

Collection links

• Issue Tracker
• Homepage
• Repository (Sources)