fortinet.fortimanager.fmgr_system_admin_user module – Admin user.

Note

This module is part of the fortinet.fortimanager collection (version 2.4.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_admin_user.

New in fortinet.fortimanager 2.0.0

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter

Comments

access_token

string

The token to access FortiManager without using username and password.

bypass_validation

boolean

Only set to True when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters.

Choices:

  • false ← (default)

  • true

enable_log

boolean

Enable/Disable logging for task.

Choices:

  • false ← (default)

  • true

forticloud_access_token

string

Authenticate Ansible client with forticloud API access token.

proposed_method

string

The overridden method for the underlying JSON RPC request.

Choices:

  • "update"

  • "set"

  • "add"

rc_failed

list / elements=integer

The rc codes list with which the conditions to fail will be overridden.

rc_succeeded

list / elements=integer

The rc codes list with which the conditions to succeed will be overridden.

state

string / required

The directive to create, update or delete an object.

Choices:

  • "present"

  • "absent"

system_admin_user

dictionary

The top level parameters set.

adom

list / elements=dictionary

Adom.

adom-name

string

Deprecated, please rename it to adom_name. Admin domain names.

adom-access

string

Deprecated, please rename it to adom_access.

Set all/specify/exclude ADOM access mode.

all - All ADOMs access.

specify - Specify ADOMs access.

exclude - Exclude ADOMs access.

Choices:

  • "all"

  • "specify"

  • "exclude"

  • "per-adom-profile"

adom-exclude

list / elements=dictionary

Deprecated, please rename it to adom_exclude. Adom-Exclude.

adom-name

string

Deprecated, please rename it to adom_name. Admin domain names.

app-filter

list / elements=dictionary

Deprecated, please rename it to app_filter. App-Filter.

app-filter-name

string

Deprecated, please rename it to app_filter_name. App filter name.

avatar

string

Image file for avatar

ca

string

PKI user certificate CA

change-password

string

Deprecated, please rename it to change_password.

Enable/disable restricted user to change self password.

disable - Disable setting.

enable - Enable setting.

Choices:

  • "disable"

  • "enable"

cors-allow-origin

string

Deprecated, please rename it to cors_allow_origin. Access-Control-Allow-Origin.

dashboard

list / elements=dictionary

Dashboard.

column

integer

Widgets column ID.

diskio-content-type

string

Deprecated, please rename it to diskio_content_type.

Disk I/O Monitor widgets chart type.

util - bandwidth utilization.

iops - the number of I/O requests.

blks - the amount of data of I/O requests.

Choices:

  • "util"

  • "iops"

  • "blks"

diskio-period

string

Deprecated, please rename it to diskio_period.

Disk I/O Monitor widgets data period.

1hour - 1 hour.

8hour - 8 hour.

24hour - 24 hour.

Choices:

  • "1hour"

  • "8hour"

  • "24hour"

log-rate-period

string

Deprecated, please rename it to log_rate_period.

Log receive monitor widgets data period.

2min - 2 minutes.

1hour - 1 hour.

6hours - 6 hours.

Choices:

  • "2min"

  • "1hour"

  • "6hours"

log-rate-topn

string

Deprecated, please rename it to log_rate_topn.

Log receive monitor widgets number of top items to display.

1 - Top 1.

2 - Top 2.

3 - Top 3.

4 - Top 4.

5 - Top 5.

Choices:

  • "1"

  • "2"

  • "3"

  • "4"

  • "5"

log-rate-type

string

Deprecated, please rename it to log_rate_type.

Log receive monitor widgets statistics breakdown options.

log - Show log rates for each log type.

device - Show log rates for each device.

Choices:

  • "log"

  • "device"

moduleid

integer

Widget ID.

name

string

Widget name.

num-entries

integer

Deprecated, please rename it to num_entries. Number of entries.

refresh-interval

integer

Deprecated, please rename it to refresh_interval. Widgets refresh interval.

res-cpu-display

string

Deprecated, please rename it to res_cpu_display.

Widgets CPU display type.

average - Average usage of CPU.

each - Each usage of CPU.

Choices:

  • "average"

  • "each"

res-period

string

Deprecated, please rename it to res_period.

Widgets data period.

10min - Last 10 minutes.

hour - Last hour.

day - Last day.

Choices:

  • "10min"

  • "hour"

  • "day"

res-view-type

string

Deprecated, please rename it to res_view_type.

Widgets data view type.

real-time - Real-time view.

history - History view.

Choices:

  • "real-time"

  • "history"

status

string

Widgets opened/closed state.

close - Widget closed.

open - Widget opened.

Choices:

  • "close"

  • "open"

tabid

integer

ID of tab where widget is displayed.

time-period

string

Deprecated, please rename it to time_period.

Log Database Monitor widgets data period.

1hour - 1 hour.

8hour - 8 hour.

24hour - 24 hour.

Choices:

  • "1hour"

  • "8hour"

  • "24hour"

widget-type

string

Deprecated, please rename it to widget_type.

Widget type.

top-lograte - Log Receive Monitor.

sysres - System resources.

sysinfo - System Information.

licinfo - License Information.

jsconsole - CLI Console.

sysop - Unit Operation.

alert - Alert Message Console.

statistics - Statistics.

rpteng - Report Engine.

raid - Disk Monitor.

logrecv - Logs/Data Received.

devsummary - Device Summary.

logdb-perf - Log Database Performance Monitor.

logdb-lag - Log Database Lag Time.

disk-io - Disk I/O.

log-rcvd-fwd - Log receive and forwarding Monitor.

Choices:

  • "top-lograte"

  • "sysres"

  • "sysinfo"

  • "licinfo"

  • "jsconsole"

  • "sysop"

  • "alert"

  • "statistics"

  • "rpteng"

  • "raid"

  • "logrecv"

  • "devsummary"

  • "logdb-perf"

  • "logdb-lag"

  • "disk-io"

  • "log-rcvd-fwd"

dashboard-tabs

list / elements=dictionary

Deprecated, please rename it to dashboard_tabs. Dashboard-Tabs.

name

string

Tab name.

tabid

integer

Tab ID.

description

string

Description.

dev-group

string

Deprecated, please rename it to dev_group. Device group.

email-address

string

Deprecated, please rename it to email_address. Email address.

ext-auth-accprofile-override

string

Deprecated, please rename it to ext_auth_accprofile_override.

Allow to use the access profile provided by the remote authentication server.

disable - Disable access profile override.

enable - Enable access profile override.

Choices:

  • "disable"

  • "enable"

ext-auth-adom-override

string

Deprecated, please rename it to ext_auth_adom_override.

Allow to use the ADOM provided by the remote authentication server.

disable - Disable ADOM override.

enable - Enable ADOM override.

Choices:

  • "disable"

  • "enable"

ext-auth-group-match

string

Deprecated, please rename it to ext_auth_group_match. Only administrators belonging to this group can login.

fingerprint

string

PKI user certificate fingerprint

first-name

string

Deprecated, please rename it to first_name. First name.

force-password-change

string

Deprecated, please rename it to force_password_change.

Enable/disable force password change on next login.

disable - Disable setting.

enable - Enable setting.

Choices:

  • "disable"

  • "enable"

group

string

Group name.

hidden

integer

Hidden administrator.

ips-filter

list / elements=dictionary

Deprecated, please rename it to ips_filter. Ips-Filter.

ips-filter-name

string

Deprecated, please rename it to ips_filter_name. IPS filter name.

ipv6_trusthost1

string

Admin user trusted host IPv6, default

ipv6_trusthost10

string

Admin user trusted host IPv6, default ffff

ipv6_trusthost2

string

Admin user trusted host IPv6, default ffff

ipv6_trusthost3

string

Admin user trusted host IPv6, default ffff

ipv6_trusthost4

string

Admin user trusted host IPv6, default ffff

ipv6_trusthost5

string

Admin user trusted host IPv6, default ffff

ipv6_trusthost6

string

Admin user trusted host IPv6, default ffff

ipv6_trusthost7

string

Admin user trusted host IPv6, default ffff

ipv6_trusthost8

string

Admin user trusted host IPv6, default ffff

ipv6_trusthost9

string

Admin user trusted host IPv6, default ffff

last-name

string

Deprecated, please rename it to last_name. Last name.

ldap-server

string

Deprecated, please rename it to ldap_server. LDAP server name.

login-max

integer

Deprecated, please rename it to login_max. Max login session for this user.

meta-data

list / elements=dictionary

Deprecated, please rename it to meta_data. Meta-Data.

fieldlength

integer

Field length.

fieldname

string

Field name.

fieldvalue

string

Field value.

importance

string

Importance.

optional - This field is optional.

required - This field is required.

Choices:

  • "optional"

  • "required"

status

string

Status.

disabled - This field is disabled.

enabled - This field is enabled.

Choices:

  • "disabled"

  • "enabled"

mobile-number

string

Deprecated, please rename it to mobile_number. Mobile number.

pager-number

string

Deprecated, please rename it to pager_number. Pager number.

password

any

(list) Password.

password-expire

any

(list or str) Deprecated, please rename it to password_expire. Password expire time in GMT.

phone-number

string

Deprecated, please rename it to phone_number. Phone number.

policy-package

list / elements=dictionary

Deprecated, please rename it to policy_package. Policy-Package.

policy-package-name

string

Deprecated, please rename it to policy_package_name. Policy package names.

profileid

string

Profile ID.

radius_server

string

RADIUS server name.

restrict-access

string

Deprecated, please rename it to restrict_access.

Enable/disable restricted access to development VDOM.

disable - Disable setting.

enable - Enable setting.

Choices:

  • "disable"

  • "enable"

restrict-dev-vdom

list / elements=dictionary

Deprecated, please rename it to restrict_dev_vdom.

dev-vdom

string

Deprecated, please rename it to dev_vdom. Device or device VDOM.

rpc-permit

string

Deprecated, please rename it to rpc_permit.

Set none/read/read-write RPC permission.

read-write - Read-write permission.

none - No permission.

read - Read-only permission.

Choices:

  • "read-write"

  • "none"

  • "read"

  • "from-profile"

ssh-public-key1

any

(list) Deprecated, please rename it to ssh_public_key1. SSH public key 1.

ssh-public-key2

any

(list) Deprecated, please rename it to ssh_public_key2. SSH public key 2.

ssh-public-key3

any

(list) Deprecated, please rename it to ssh_public_key3. SSH public key 3.

subject

string

PKI user certificate name constraints.

tacacs-plus-server

string

Deprecated, please rename it to tacacs_plus_server. TACACS+ server name.

th-from-profile

integer

Deprecated, please rename it to th_from_profile. Internal use only

th6-from-profile

integer

Deprecated, please rename it to th6_from_profile. Internal use only

trusthost1

string

Admin user trusted host IP, default 0.

trusthost10

string

Admin user trusted host IP, default 255.

trusthost2

string

Admin user trusted host IP, default 255.

trusthost3

string

Admin user trusted host IP, default 255.

trusthost4

string

Admin user trusted host IP, default 255.

trusthost5

string

Admin user trusted host IP, default 255.

trusthost6

string

Admin user trusted host IP, default 255.

trusthost7

string

Admin user trusted host IP, default 255.

trusthost8

string

Admin user trusted host IP, default 255.

trusthost9

string

Admin user trusted host IP, default 255.

two-factor-auth

string

Deprecated, please rename it to two_factor_auth.

Enable 2-factor authentication

disable - Disable 2-factor authentication.

enable - Enable 2-factor authentication.

Choices:

  • "disable"

  • "enable"

  • "password"

  • "ftc-ftm"

  • "ftc-email"

  • "ftc-sms"

use-global-theme

string

Deprecated, please rename it to use_global_theme.

Enable/disable global theme for administration GUI.

disable - Disable setting.

enable - Enable setting.

Choices:

  • "disable"

  • "enable"

user-theme

string

Deprecated, please rename it to user_theme.

Color scheme to use for the admin user GUI.

blue - Blueberry

green - Kiwi

red - Cherry

melongene - Plum

spring - Spring

summer - Summer

autumn - Autumn

winter - Winter

circuit-board - Circuit Board

calla-lily - Calla Lily

binary-tunnel - Binary Tunnel

mars - Mars

blue-sea - Blue Sea

technology - Technology

landscape - Landscape

twilight - Twilight

canyon - Canyon

northern-light - Northern Light

astronomy - Astronomy

fish - Fish

penguin - Penguin

mountain - Mountain

panda - Panda

parrot - Parrot

cave - Cave

zebra - Zebra

contrast-dark - High Contrast Dark

Choices:

  • "blue"

  • "green"

  • "red"

  • "melongene"

  • "spring"

  • "summer"

  • "autumn"

  • "winter"

  • "circuit-board"

  • "calla-lily"

  • "binary-tunnel"

  • "mars"

  • "blue-sea"

  • "technology"

  • "landscape"

  • "twilight"

  • "canyon"

  • "northern-light"

  • "astronomy"

  • "fish"

  • "penguin"

  • "mountain"

  • "panda"

  • "parrot"

  • "cave"

  • "zebra"

  • "contrast-dark"

  • "mariner"

  • "jade"

  • "neutrino"

  • "dark-matter"

  • "forest"

  • "cat"

  • "graphite"

user_type

string

User type.

local - Local user.

radius - RADIUS user.

ldap - LDAP user.

tacacs-plus - TACACS+ user.

pki-auth - PKI user.

group - Group user.

Choices:

  • "local"

  • "radius"

  • "ldap"

  • "tacacs-plus"

  • "pki-auth"

  • "group"

  • "sso"

  • "api"

userid

string / required

User name.

web-filter

list / elements=dictionary

Deprecated, please rename it to web_filter. Web-Filter.

web-filter-name

string

Deprecated, please rename it to web_filter_name. Web filter name.

wildcard

string

Enable/disable wildcard remote authentication.

disable - Disable username wildcard.

enable - Enable username wildcard.

Choices:

  • "disable"

  • "enable"

workspace_locking_adom

string

The ADOM to lock when FortiManager is running in workspace mode; the value can be global or any other ADOM, including root.

workspace_locking_timeout

integer

The maximum time in seconds to wait for another user to release the workspace lock.

Default: 300

Notes


  • Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change arguments such as “var-name” to “var_name”. Old argument names still work, but you will receive deprecation warnings. You can ignore these warnings by setting deprecation_warnings=False in ansible.cfg.

  • Running in workspace locking mode is supported in this FortiManager module; the top-level parameters workspace_locking_adom and workspace_locking_timeout control it.

  • To create or update an object, use the state present directive.

  • To delete an object, use the state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. You can also override the conditions to fail or succeed with the parameters rc_failed and rc_succeeded.

Examples

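- name: Example playbook
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    # Certificate verification is off here; set to true once the
    # FortiManager certificate is trusted by the control node.
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    # Create the admin user and attach it to the "ansible" ADOM.
    - name: Admin User
      fortinet.fortimanager.fmgr_system_admin_user:
        state: present
        system_admin_user:
          adom:
            - adom_name: ansible # snake_case name; "adom-name" is deprecated
          userid: "ansible-test"
    # Add a further ADOM entry to the user created above.
    - name: Admin domain.
      fortinet.fortimanager.fmgr_system_admin_user_adom:
        bypass_validation: false
        user: ansible-test # userid
        state: present
        system_admin_user_adom:
          adom_name: "ALL ADOMS"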
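
The following playbook is an added example, not part of the collection's own documentation: it creates a local administrator using the snake_case argument names together with the access-limiting parameters listed above (ADOM scope, RPC permission, trusted hosts, forced password change, session limit). The user name, profile name, addresses and vault variable are assumptions chosen for illustration, and the trusted-host string formats shown are also an assumption.

```yaml
# Added example (not from the collection docs). Values marked "assumed" are
# illustrative and must be replaced with ones that exist on your FortiManager.
- name: Create a scoped local administrator
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true   # verify the FortiManager certificate
    ansible_httpapi_port: 443
  tasks:
    - name: Admin user limited to one ADOM and one management subnet
      fortinet.fortimanager.fmgr_system_admin_user:
        state: present
        system_admin_user:
          userid: "netops-readonly"                    # assumed user name
          user_type: local
          password: "{{ vault_fmgr_admin_password }}"  # assumed Ansible Vault variable
          force_password_change: enable
          profileid: "Restricted_User"                 # assumed profile name
          adom_access: specify
          adom:
            - adom_name: ansible
          rpc_permit: "none"
          login_max: 1
          # Assumed formats: "address netmask" for IPv4, prefix notation for IPv6.
          trusthost1: "192.0.2.0 255.255.255.0"
          ipv6_trusthost1: "2001:db8:10::/64"
      register: admin_user_result

    - name: Confirm the request succeeded
      ansible.builtin.assert:
        that:
          - admin_user_result.rc == 0
```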

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key

Description

meta

dictionary

The result of the request.

Returned: always

request_url

string

The full URL requested.

Returned: always

Sample: "/sys/login/user"

response_code

integer

The status of the API request.

Returned: always

Sample: 0

response_data

list / elements=string

The API response.

Returned: always

response_message

string

The descriptive message of the API response.

Returned: always

Sample: "OK."

system_information

dictionary

The information of the target system.

Returned: always

rc

integer

The status of the request.

Returned: always

Sample: 0

version_check_warning

list / elements=string

Warning if the parameters used in the playbook are not supported by the current FortiManager version.

Returned: complex

Authors

  • Xinwei Du (@dux-fortinet)

  • Xing Li (@lix-fortinet)

  • Jie Xue (@JieX19)

  • Link Zheng (@chillancezen)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)