fortinet.fortimanager.fmgr_system_admin_user – Admin user.

Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.4).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_admin_user.

New in version 2.10: of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter Choices/Defaults Comments
bypass_validation
boolean
    Choices:
  • no ←
  • yes
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task
proposed_method
string
    Choices:
  • update
  • set
  • add
The overridden method for the underlying Json RPC request
rc_failed
list / elements=string
the rc codes list with which the conditions to fail will be overriden
rc_succeeded
list / elements=string
the rc codes list with which the conditions to succeed will be overriden
state
string / required
    Choices:
  • present
  • absent
the directive to create, update or delete an object
system_admin_user
dictionary
the top level parameters set
adom
list / elements=string
Adom.
adom-name
string
Admin domain names.
adom-exclude
list / elements=string
Adom-Exclude.
adom-name
string
Admin domain names.
app-filter
list / elements=string
App-Filter.
app-filter-name
string
App filter name.
avatar
string
Image file for avatar (maximum 4K base64 encoded).
ca
string
PKI user certificate CA (CA name in local).
change-password
string
    Choices:
  • disable ←
  • enable
Enable/disable restricted user to change self password.
disable - Disable setting.
enable - Enable setting.
dashboard
list / elements=string
Dashboard.
column
integer
Default:
0
Widgets column ID.
diskio-content-type
string
    Choices:
  • util ←
  • iops
  • blks
Disk I/O Monitor widgets chart type.
util - bandwidth utilization.
iops - the number of I/O requests.
blks - the amount of data of I/O requests.
diskio-period
string
    Choices:
  • 1hour ←
  • 8hour
  • 24hour
Disk I/O Monitor widgets data period.
1hour - 1 hour.
8hour - 8 hour.
24hour - 24 hour.
log-rate-period
string
    Choices:
  • 2min
  • 1hour
  • 6hours
Log receive monitor widgets data period.
2min - 2 minutes.
1hour - 1 hour.
6hours - 6 hours.
log-rate-topn
string
    Choices:
  • 1
  • 2
  • 3
  • 4
  • 5 ←
Log receive monitor widgets number of top items to display.
1 - Top 1.
2 - Top 2.
3 - Top 3.
4 - Top 4.
5 - Top 5.
log-rate-type
string
    Choices:
  • log
  • device ←
Log receive monitor widgets statistics breakdown options.
log - Show log rates for each log type.
device - Show log rates for each device.
moduleid
integer
Default:
0
Widget ID.
name
string
Widget name.
num-entries
integer
Default:
10
Number of entries.
refresh-interval
integer
Default:
300
Widgets refresh interval.
res-cpu-display
string
    Choices:
  • average  ←
  • each
Widgets CPU display type.
average - Average usage of CPU.
each - Each usage of CPU.
res-period
string
    Choices:
  • 10min  ←
  • hour
  • day
Widgets data period.
10min - Last 10 minutes.
hour - Last hour.
day - Last day.
res-view-type
string
    Choices:
  • real-time
  • history ←
Widgets data view type.
real-time - Real-time view.
history - History view.
status
string
    Choices:
  • close
  • open ←
Widgets opened/closed state.
close - Widget closed.
open - Widget opened.
tabid
integer
Default:
0
ID of tab where widget is displayed.
time-period
string
    Choices:
  • 1hour ←
  • 8hour
  • 24hour
Log Database Monitor widgets data period.
1hour - 1 hour.
8hour - 8 hour.
24hour - 24 hour.
widget-type
string
    Choices:
  • top-lograte
  • sysres
  • sysinfo
  • licinfo
  • jsconsole
  • sysop
  • alert
  • statistics
  • rpteng
  • raid
  • logrecv
  • devsummary
  • logdb-perf
  • logdb-lag
  • disk-io
  • log-rcvd-fwd
Widget type.
top-lograte - Log Receive Monitor.
sysres - System resources.
sysinfo - System Information.
licinfo - License Information.
jsconsole - CLI Console.
sysop - Unit Operation.
alert - Alert Message Console.
statistics - Statistics.
rpteng - Report Engine.
raid - Disk Monitor.
logrecv - Logs/Data Received.
devsummary - Device Summary.
logdb-perf - Log Database Performance Monitor.
logdb-lag - Log Database Lag Time.
disk-io - Disk I/O.
log-rcvd-fwd - Log receive and forwarding Monitor.
dashboard-tabs
list / elements=string
Dashboard-Tabs.
name
string
Tab name.
tabid
integer
Default:
0
Tab ID.
description
string
Description.
dev-group
string
device group.
email-address
string
Email address.
ext-auth-accprofile-override
string
    Choices:
  • disable ←
  • enable
Allow to use the access profile provided by the remote authentication server.
disable - Disable access profile override.
enable - Enable access profile override.
ext-auth-adom-override
string
    Choices:
  • disable ←
  • enable
Allow to use the ADOM provided by the remote authentication server.
disable - Disable ADOM override.
enable - Enable ADOM override.
ext-auth-group-match
string
Only administrators belonging to this group can login.
first-name
string
First name.
force-password-change
string
    Choices:
  • disable ←
  • enable
Enable/disable force password change on next login.
disable - Disable setting.
enable - Enable setting.
group
string
Group name.
hidden
integer
Default:
0
Hidden administrator.
ips-filter
list / elements=string
Ips-Filter.
ips-filter-name
string
IPS filter name.
ipv6_trusthost1
string
Default:
"::/0"
Admin user trusted host IPv6, default ::/0 for all.
ipv6_trusthost10
string
Default:
"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
ipv6_trusthost2
string
Default:
"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
ipv6_trusthost3
string
Default:
"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
ipv6_trusthost4
string
Default:
"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
ipv6_trusthost5
string
Default:
"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
ipv6_trusthost6
string
Default:
"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
ipv6_trusthost7
string
Default:
"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
ipv6_trusthost8
string
Default:
"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
ipv6_trusthost9
string
Default:
"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128"
Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
last-name
string
Last name.
ldap-server
string
LDAP server name.
login-max
integer
Default:
32
Max login session for this user.
meta-data
list / elements=string
Meta-Data.
fieldlength
integer
Default:
0
Field length.
fieldname
string
Field name.
fieldvalue
string
Field value.
importance
string
    Choices:
  • optional ←
  • required
Importance.
optional - This field is optional.
required - This field is required.
status
string
    Choices:
  • disabled
  • enabled ←
Status.
disabled - This field is disabled.
enabled - This field is enabled.
mobile-number
string
Mobile number.
pager-number
string
Pager number.
password
string
Password.
password-expire
string
Password expire time in GMT.
phone-number
string
Phone number.
policy-package
list / elements=string
Policy-Package.
policy-package-name
string
Policy package names.
profileid
string
Default:
"Restricted_User"
Profile ID.
radius_server
string
RADIUS server name.
restrict-access
string
    Choices:
  • disable ←
  • enable
Enable/disable restricted access to development VDOM.
disable - Disable setting.
enable - Enable setting.
restrict-dev-vdom
list / elements=string
no description
dev-vdom
string
Device or device VDOM.
rpc-permit
string
    Choices:
  • read-write
  • none ←
  • read
set none/read/read-write rpc-permission.
read-write - Read-write permission.
none - No permission.
read - Read-only permission.
ssh-public-key1
string
SSH public key 1.
ssh-public-key2
string
SSH public key 2.
ssh-public-key3
string
SSH public key 3.
subject
string
PKI user certificate name constraints.
tacacs-plus-server
string
TACACS+ server name.
trusthost1
string
Default:
"0.0.0.0 0.0.0.0"
Admin user trusted host IP, default 0.0.0.0 0.0.0.0 for all.
trusthost10
string
Default:
"255.255.255.255 255.255.255.255"
Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
trusthost2
string
Default:
"255.255.255.255 255.255.255.255"
Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
trusthost3
string
Default:
"255.255.255.255 255.255.255.255"
Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
trusthost4
string
Default:
"255.255.255.255 255.255.255.255"
Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
trusthost5
string
Default:
"255.255.255.255 255.255.255.255"
Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
trusthost6
string
Default:
"255.255.255.255 255.255.255.255"
Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
trusthost7
string
Default:
"255.255.255.255 255.255.255.255"
Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
trusthost8
string
Default:
"255.255.255.255 255.255.255.255"
Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
trusthost9
string
Default:
"255.255.255.255 255.255.255.255"
Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
two-factor-auth
string
    Choices:
  • disable ←
  • enable
Enable 2-factor authentication (certificate + password).
disable - Disable 2-factor authentication.
enable - Enable 2-factor authentication.
use-global-theme
string
    Choices:
  • disable
  • enable ←
Enable/disble global theme for administration GUI.
disable - Disable setting.
enable - Enable setting.
user-theme
string
    Choices:
  • blue ←
  • green
  • red
  • melongene
  • spring
  • summer
  • autumn
  • winter
  • circuit-board
  • calla-lily
  • binary-tunnel
  • mars
  • blue-sea
  • technology
  • landscape
  • twilight
  • canyon
  • northern-light
  • astronomy
  • fish
  • penguin
  • mountain
  • panda
  • parrot
  • cave
  • zebra
  • contrast-dark
Color scheme to use for the admin user GUI.
blue - Blueberry
green - Kiwi
red - Cherry
melongene - Plum
spring - Spring
summer - Summer
autumn - Autumn
winter - Winter
circuit-board - Circuit Board
calla-lily - Calla Lily
binary-tunnel - Binary Tunnel
mars - Mars
blue-sea - Blue Sea
technology - Technology
landscape - Landscape
twilight - Twilight
canyon - Canyon
northern-light - Northern Light
astronomy - Astronomy
fish - Fish
penguin - Penguin
mountain - Mountain
panda - Panda
parrot - Parrot
cave - Cave
zebra - Zebra
contrast-dark - High Contrast Dark
user_type
string
    Choices:
  • local ←
  • radius
  • ldap
  • tacacs-plus
  • pki-auth
  • group
  • sso
User type.
local - Local user.
radius - RADIUS user.
ldap - LDAP user.
tacacs-plus - TACACS+ user.
pki-auth - PKI user.
group - Group user.
userid
string
User name.
web-filter
list / elements=string
Web-Filter.
web-filter-name
string
Web filter name.
wildcard
string
    Choices:
  • disable ←
  • enable
Enable/disable wildcard remote authentication.
disable - Disable username wildcard.
enable - Enable username wildcard.
workspace_locking_adom
string
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout
integer
Default:
300
the maximum time in seconds to wait for other user to release the workspace lock

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- hosts: fortimanager00
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Admin User
     fmgr_system_admin_user:
        state: present
        system_admin_user:
            adom:
             - adom-name: ansible
            userid: 'ansible-test'
   - name: Admin domain.
     fmgr_system_admin_user_adom:
        bypass_validation: False
        user: ansible-test # userid
        state: present
        system_admin_user_adom:
           adom-name: 'ALL ADOMS'

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
request_url
string
always
The full url requested

Sample:
/sys/login/user
response_code
integer
always
The status of api request

response_message
string
always
The descriptive message of the api response

Sample:
OK.


Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)