fortinet.fortimanager.fmgr_system_admin_profile – Admin profile.

Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.3).

To install it use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_admin_profile.

New in version 2.10 of fortinet.fortimanager.

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters; the values need to be adjusted to your data sources before use.

Parameters

Parameter Choices/Defaults Comments
bypass_validation
boolean
    Choices:
  • no ←
  • yes
Only set to True when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters.
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task
proposed_method
string
    Choices:
  • update
  • set
  • add
The overridden method for the underlying JSON RPC request.
rc_failed
list / elements=string
The list of rc codes that overrides the conditions to fail.
rc_succeeded
list / elements=string
The list of rc codes that overrides the conditions to succeed.
state
string / required
    Choices:
  • present
  • absent
The directive to create, update or delete an object.
system_admin_profile
dictionary
The top-level parameter set.
adom-lock
string
    Choices:
  • none ←
  • read
  • read-write
ADOM locking
none - No permission.
read - Read permission.
read-write - Read-write permission.
adom-policy-packages
string
    Choices:
  • none ←
  • read
  • read-write
ADOM policy packages.
none - No permission.
read - Read permission.
read-write - Read-write permission.
adom-switch
string
    Choices:
  • none ←
  • read
  • read-write
Administrator domain.
none - No permission.
read - Read permission.
read-write - Read-write permission.
allow-to-install
string
    Choices:
  • disable
  • enable ←
Enable/disable the restricted user to install objects to the devices.
disable - Disable setting.
enable - Enable setting.
app-filter
string
    Choices:
  • disable ←
  • enable
App filter.
disable - Disable setting.
enable - Enable setting.
assignment
string
    Choices:
  • none ←
  • read
  • read-write
Assignment permission.
none - No permission.
read - Read permission.
read-write - Read-write permission.
change-password
string
    Choices:
  • disable ←
  • enable
Enable/disable restricted user to change self password.
disable - Disable setting.
enable - Enable setting.
config-retrieve
string
    Choices:
  • none ←
  • read
  • read-write
Configuration retrieve.
none - No permission.
read - Read permission.
read-write - Read-write permission.
config-revert
string
    Choices:
  • none ←
  • read
  • read-write
Revert Configuration from Revision History
none - No permission.
read - Read permission.
read-write - Read-write permission.
consistency-check
string
    Choices:
  • none ←
  • read
  • read-write
Consistency check.
none - No permission.
read - Read permission.
read-write - Read-write permission.
datamask
string
    Choices:
  • disable ←
  • enable
Enable/disable data masking.
disable - Disable data masking.
enable - Enable data masking.
datamask-custom-fields
list / elements=string
no description
field-category
list / elements=string
    Choices:
  • log
  • fortiview
  • alert
  • ueba
  • all
no description
field-name
string
Field name.
field-status
string
    Choices:
  • disable
  • enable ←
Field status.
disable - Disable field.
enable - Enable field.
field-type
string
    Choices:
  • string ←
  • ip
  • mac
  • email
  • unknown
Field type.
string - String.
ip - IP.
mac - MAC address.
email - Email address.
unknown - Unknown.
datamask-custom-priority
string
    Choices:
  • disable ←
  • enable
Prioritize custom fields.
disable - Disable custom field search priority.
enable - Enable custom field search priority.
datamask-fields
list / elements=string
    Choices:
  • user
  • srcip
  • srcname
  • srcmac
  • dstip
  • dstname
  • email
  • message
  • domain
no description
datamask-key
string
no description
datamask-unmasked-time
integer
Default:
0
Time in days without data masking.
deploy-management
string
    Choices:
  • none ←
  • read
  • read-write
Install to devices.
none - No permission.
read - Read permission.
read-write - Read-write permission.
description
string
Description.
device-ap
string
    Choices:
  • none ←
  • read
  • read-write
Manage AP.
none - No permission.
read - Read permission.
read-write - Read-write permission.
device-config
string
    Choices:
  • none ←
  • read
  • read-write
Manage device configurations.
none - No permission.
read - Read permission.
read-write - Read-write permission.
device-forticlient
string
    Choices:
  • none ←
  • read
  • read-write
Manage FortiClient.
none - No permission.
read - Read permission.
read-write - Read-write permission.
device-fortiswitch
string
    Choices:
  • none ←
  • read
  • read-write
Manage FortiSwitch.
none - No permission.
read - Read permission.
read-write - Read-write permission.
device-manager
string
    Choices:
  • none ←
  • read
  • read-write
Device manager.
none - No permission.
read - Read permission.
read-write - Read-write permission.
device-op
string
    Choices:
  • none ←
  • read
  • read-write
Device add/delete/edit.
none - No permission.
read - Read permission.
read-write - Read-write permission.
device-policy-package-lock
string
    Choices:
  • none ←
  • read
  • read-write
Device/Policy Package locking
none - No permission.
read - Read permission.
read-write - Read-write permission.
device-profile
string
    Choices:
  • none ←
  • read
  • read-write
Device profile permission.
none - No permission.
read - Read permission.
read-write - Read-write permission.
device-revision-deletion
string
    Choices:
  • none ←
  • read
  • read-write
Delete device revision.
none - No permission.
read - Read permission.
read-write - Read-write permission.
device-wan-link-load-balance
string
    Choices:
  • none ←
  • read
  • read-write
Manage WAN link load balance.
none - No permission.
read - Read permission.
read-write - Read-write permission.
event-management
string
    Choices:
  • none ←
  • read
  • read-write
Event management.
none - No permission.
read - Read permission.
read-write - Read-write permission.
extension-access
string
    Choices:
  • none ←
  • read
  • read-write
Manage extension access.
none - No permission.
read - Read permission.
read-write - Read-write permission.
fabric-viewer
string
    Choices:
  • none ←
  • read
  • read-write
Fabric viewer.
none - No permission.
read - Read permission.
read-write - Read-write permission.
fgd-center-advanced
string
    Choices:
  • none ←
  • read
  • read-write
FortiGuard Center Advanced.
none - No permission.
read - Read permission.
read-write - Read-write permission.
fgd-center-fmw-mgmt
string
    Choices:
  • none ←
  • read
  • read-write
FortiGuard Center Firmware Management.
none - No permission.
read - Read permission.
read-write - Read-write permission.
fgd-center-licensing
string
    Choices:
  • none ←
  • read
  • read-write
FortiGuard Center Licensing.
none - No permission.
read - Read permission.
read-write - Read-write permission.
fgd_center
string
    Choices:
  • none ←
  • read
  • read-write
FortiGuard Center.
none - No permission.
read - Read permission.
read-write - Read-write permission.
global-policy-packages
string
    Choices:
  • none ←
  • read
  • read-write
Global policy packages.
none - No permission.
read - Read permission.
read-write - Read-write permission.
import-policy-packages
string
    Choices:
  • none ←
  • read
  • read-write
Import Policy Package.
none - No permission.
read - Read permission.
read-write - Read-write permission.
intf-mapping
string
    Choices:
  • none ←
  • read
  • read-write
Interface Mapping
none - No permission.
read - Read permission.
read-write - Read-write permission.
ips-filter
string
    Choices:
  • disable ←
  • enable
IPS filter.
disable - Disable setting.
enable - Enable setting.
log-viewer
string
    Choices:
  • none ←
  • read
  • read-write
Log viewer.
none - No permission.
read - Read permission.
read-write - Read-write permission.
policy-objects
string
    Choices:
  • none ←
  • read
  • read-write
Policy objects permission.
none - No permission.
read - Read permission.
read-write - Read-write permission.
profileid
string
Profile ID.
read-passwd
string
    Choices:
  • none ←
  • read
  • read-write
View password in clear text.
none - No permission.
read - Read permission.
read-write - Read-write permission.
realtime-monitor
string
    Choices:
  • none ←
  • read
  • read-write
Realtime monitor.
none - No permission.
read - Read permission.
read-write - Read-write permission.
report-viewer
string
    Choices:
  • none ←
  • read
  • read-write
Report viewer.
none - No permission.
read - Read permission.
read-write - Read-write permission.
run-report
string
    Choices:
  • none ←
  • read
  • read-write
Run reports.
none - No permission.
read - Read permission.
read-write - Read-write permission.
scope
string
    Choices:
  • global ←
  • adom
Scope.
global - Global scope.
adom - ADOM scope.
script-access
string
    Choices:
  • none ←
  • read
  • read-write
Script access.
none - No permission.
read - Read permission.
read-write - Read-write permission.
set-install-targets
string
    Choices:
  • none ←
  • read
  • read-write
Edit installation targets.
none - No permission.
read - Read permission.
read-write - Read-write permission.
super-user-profile
string
    Choices:
  • disable ←
  • enable
Enable/disable super user profile
disable - Disable super user profile
enable - Enable super user profile
system-setting
string
    Choices:
  • none ←
  • read
  • read-write
System setting.
none - No permission.
read - Read permission.
read-write - Read-write permission.
term-access
string
    Choices:
  • none ←
  • read
  • read-write
Terminal access.
none - No permission.
read - Read permission.
read-write - Read-write permission.
triage-events
string
    Choices:
  • none ←
  • read
  • read-write
Triage events.
none - No permission.
read - Read permission.
read-write - Read-write permission.
type
string
    Choices:
  • system ←
  • restricted
Profile type.
system - System admin.
restricted - Restricted admin.
update-incidents
string
    Choices:
  • none ←
  • read
  • read-write
Create/update incidents.
none - No permission.
read - Read permission.
read-write - Read-write permission.
vpn-manager
string
    Choices:
  • none ←
  • read
  • read-write
VPN manager.
none - No permission.
read - Read permission.
read-write - Read-write permission.
web-filter
string
    Choices:
  • disable ←
  • enable
Web filter.
disable - Disable setting.
enable - Enable setting.
workspace_locking_adom
string
The ADOM to lock for a FortiManager running in workspace mode; the value can be global or another ADOM, including root.
workspace_locking_timeout
integer
Default:
300
The maximum time in seconds to wait for another user to release the workspace lock.

Notes

  • This FortiManager module supports running in workspace locking mode; the top-level parameters workspace_locking_adom and workspace_locking_timeout control it.

  • To create or update an object, use the state present directive.

  • To delete an object, use the state absent directive.

  • Normally, a module run fails when a non-zero rc is returned. You can override the conditions to fail or succeed with the parameters rc_failed and rc_succeeded.

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Admin profile.
     fmgr_system_admin_profile:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        state: <value in [present, absent]>
        system_admin_profile:
           adom-lock: <value in [none, read, read-write]>
           adom-policy-packages: <value in [none, read, read-write]>
           adom-switch: <value in [none, read, read-write]>
           app-filter: <value in [disable, enable]>
           assignment: <value in [none, read, read-write]>
           change-password: <value in [disable, enable]>
           config-retrieve: <value in [none, read, read-write]>
           config-revert: <value in [none, read, read-write]>
           consistency-check: <value in [none, read, read-write]>
           datamask: <value in [disable, enable]>
           datamask-custom-fields:
             -
                 field-category:
                   - log
                   - fortiview
                   - alert
                   - ueba
                   - all
                 field-name: <value of string>
                 field-status: <value in [disable, enable]>
                 field-type: <value in [string, ip, mac, ...]>
           datamask-custom-priority: <value in [disable, enable]>
           datamask-fields:
             - user
             - srcip
             - srcname
             - srcmac
             - dstip
             - dstname
             - email
             - message
             - domain
           datamask-key: <value of string>
           deploy-management: <value in [none, read, read-write]>
           description: <value of string>
           device-ap: <value in [none, read, read-write]>
           device-config: <value in [none, read, read-write]>
           device-forticlient: <value in [none, read, read-write]>
           device-fortiswitch: <value in [none, read, read-write]>
           device-manager: <value in [none, read, read-write]>
           device-op: <value in [none, read, read-write]>
           device-policy-package-lock: <value in [none, read, read-write]>
           device-profile: <value in [none, read, read-write]>
           device-revision-deletion: <value in [none, read, read-write]>
           device-wan-link-load-balance: <value in [none, read, read-write]>
           event-management: <value in [none, read, read-write]>
           fgd-center-advanced: <value in [none, read, read-write]>
           fgd-center-fmw-mgmt: <value in [none, read, read-write]>
           fgd-center-licensing: <value in [none, read, read-write]>
           fgd_center: <value in [none, read, read-write]>
           global-policy-packages: <value in [none, read, read-write]>
           import-policy-packages: <value in [none, read, read-write]>
           intf-mapping: <value in [none, read, read-write]>
           ips-filter: <value in [disable, enable]>
           log-viewer: <value in [none, read, read-write]>
           policy-objects: <value in [none, read, read-write]>
           profileid: <value of string>
           read-passwd: <value in [none, read, read-write]>
           realtime-monitor: <value in [none, read, read-write]>
           report-viewer: <value in [none, read, read-write]>
           scope: <value in [global, adom]>
           set-install-targets: <value in [none, read, read-write]>
           system-setting: <value in [none, read, read-write]>
           term-access: <value in [none, read, read-write]>
           type: <value in [system, restricted]>
           vpn-manager: <value in [none, read, read-write]>
           web-filter: <value in [disable, enable]>
           datamask-unmasked-time: <value of integer>
           super-user-profile: <value in [disable, enable]>
           allow-to-install: <value in [disable, enable]>
           extension-access: <value in [none, read, read-write]>
           fabric-viewer: <value in [none, read, read-write]>
           run-report: <value in [none, read, read-write]>
           script-access: <value in [none, read, read-write]>
           triage-events: <value in [none, read, read-write]>
           update-incidents: <value in [none, read, read-write]>
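
A filled-in instance of the template above, added here as an example and not taken from the collection's documentation: a read-only auditor profile that grants only viewing permissions, sets the sensitive permissions to none explicitly, and enables data masking. The profile ID `audit-readonly`, the description text and the vault variable `vault_fmgr_datamask_key` are assumptions, as is a FortiManager certificate that the control node trusts.

```yaml
# Added example: read-only auditor profile built from the parameters listed above.
- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_port: 443
    # Assumes the FortiManager certificate chains to a CA the control node trusts.
    ansible_httpapi_validate_certs: true
  tasks:
    - name: Create a read-only auditor admin profile
      fmgr_system_admin_profile:
        state: present
        system_admin_profile:
          profileid: audit-readonly   # assumed profile name
          description: Read-only log and report access for auditors
          type: system
          scope: global
          super-user-profile: disable
          # Granted: viewing only.
          log-viewer: read
          report-viewer: read
          event-management: read
          realtime-monitor: read
          # Already the defaults, but stated explicitly so that applying the
          # playbook sets them back if the profile was widened by hand.
          read-passwd: none
          term-access: none
          script-access: none
          system-setting: none
          device-config: none
          deploy-management: none
          config-revert: none
          # Mask identifying fields in the data this profile can read.
          datamask: enable
          datamask-key: "{{ vault_fmgr_datamask_key }}"   # assumed vault variable
          datamask-fields:
            - user
            - srcip
            - srcmac
            - email
```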

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key Returned Description
request_url
string
always
The full URL requested

Sample:
/sys/login/user
response_code
integer
always
The status of the API request

response_message
string
always
The descriptive message of the API response

Sample:
OK.


Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)