W3cubDocs

/Ansible 2.11

fortinet.fortimanager.fmgr_system_admin_profile – Admin profile.

Note

This plugin is part of the fortinet.fortimanager collection (version 2.0.1).

To install it use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_admin_profile.

New in version 2.10: of fortinet.fortimanager

Synopsis
Parameters
Notes
Examples
Return Values

Synopsis

This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter			Choices/Defaults	Comments
bypass_validation boolean			Choices: no ← yes	only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
rc_failed list / elements=string				the rc codes list with which the conditions to fail will be overriden
rc_succeeded list / elements=string				the rc codes list with which the conditions to succeed will be overriden
state string / required			Choices: present absent	the directive to create, update or delete an object
system_admin_profile dictionary				the top level parameters set
	adom-lock string		Choices: none ← read read-write	ADOM locking none - No permission. read - Read permission. read-write - Read-write permission.
	adom-policy-packages string		Choices: none ← read read-write	ADOM policy packages. none - No permission. read - Read permission. read-write - Read-write permission.
	adom-switch string		Choices: none ← read read-write	Administrator domain. none - No permission. read - Read permission. read-write - Read-write permission.
	app-filter string		Choices: disable ← enable	App filter. disable - Disable setting. enable - Enable setting.
	assignment string		Choices: none ← read read-write	Assignment permission. none - No permission. read - Read permission. read-write - Read-write permission.
	change-password string		Choices: disable ← enable	Enable/disable restricted user to change self password. disable - Disable setting. enable - Enable setting.
	config-retrieve string		Choices: none ← read read-write	Configuration retrieve. none - No permission. read - Read permission. read-write - Read-write permission.
	config-revert string		Choices: none ← read read-write	Revert Configuration from Revision History none - No permission. read - Read permission. read-write - Read-write permission.
	consistency-check string		Choices: none ← read read-write	Consistency check. none - No permission. read - Read permission. read-write - Read-write permission.
	datamask string		Choices: disable ← enable	Enable/disable data masking. disable - Disable data masking. enable - Enable data masking.
	datamask-custom-fields list / elements=string			no description
		field-category list / elements=string	Choices: log fortiview alert ueba all	no description
		field-name string		Field name.
		field-status string	Choices: disable enable ←	Field status. disable - Disable field. enable - Enable field.
		field-type string	Choices: string ← ip mac email unknown	Field type. string - String. ip - IP. mac - MAC address. email - Email address. unknown - Unknown.
	datamask-custom-priority string		Choices: disable ← enable	Prioritize custom fields. disable - Disable custom field search priority. enable - Enable custom field search priority.
	datamask-fields list / elements=string		Choices: user srcip srcname srcmac dstip dstname email message domain	no description
	datamask-key string			no description
	deploy-management string		Choices: none ← read read-write	Install to devices. none - No permission. read - Read permission. read-write - Read-write permission.
	description string			Description.
	device-ap string		Choices: none ← read read-write	Manage AP. none - No permission. read - Read permission. read-write - Read-write permission.
	device-config string		Choices: none ← read read-write	Manage device configurations. none - No permission. read - Read permission. read-write - Read-write permission.
	device-forticlient string		Choices: none ← read read-write	Manage FortiClient. none - No permission. read - Read permission. read-write - Read-write permission.
	device-fortiswitch string		Choices: none ← read read-write	Manage FortiSwitch. none - No permission. read - Read permission. read-write - Read-write permission.
	device-manager string		Choices: none ← read read-write	Device manager. none - No permission. read - Read permission. read-write - Read-write permission.
	device-op string		Choices: none ← read read-write	Device add/delete/edit. none - No permission. read - Read permission. read-write - Read-write permission.
	device-policy-package-lock string		Choices: none ← read read-write	Device/Policy Package locking none - No permission. read - Read permission. read-write - Read-write permission.
	device-profile string		Choices: none ← read read-write	Device profile permission. none - No permission. read - Read permission. read-write - Read-write permission.
	device-revision-deletion string		Choices: none ← read read-write	Delete device revision. none - No permission. read - Read permission. read-write - Read-write permission.
	device-wan-link-load-balance string		Choices: none ← read read-write	Manage WAN link load balance. none - No permission. read - Read permission. read-write - Read-write permission.
	event-management string		Choices: none ← read read-write	Event management. none - No permission. read - Read permission. read-write - Read-write permission.
	fgd-center-advanced string		Choices: none ← read read-write	FortiGuard Center Advanced. none - No permission. read - Read permission. read-write - Read-write permission.
	fgd-center-fmw-mgmt string		Choices: none ← read read-write	FortiGuard Center Firmware Management. none - No permission. read - Read permission. read-write - Read-write permission.
	fgd-center-licensing string		Choices: none ← read read-write	FortiGuard Center Licensing. none - No permission. read - Read permission. read-write - Read-write permission.
	fgd_center string		Choices: none ← read read-write	FortiGuard Center. none - No permission. read - Read permission. read-write - Read-write permission.
	global-policy-packages string		Choices: none ← read read-write	Global policy packages. none - No permission. read - Read permission. read-write - Read-write permission.
	import-policy-packages string		Choices: none ← read read-write	Import Policy Package. none - No permission. read - Read permission. read-write - Read-write permission.
	intf-mapping string		Choices: none ← read read-write	Interface Mapping none - No permission. read - Read permission. read-write - Read-write permission.
	ips-filter string		Choices: disable ← enable	IPS filter. disable - Disable setting. enable - Enable setting.
	log-viewer string		Choices: none ← read read-write	Log viewer. none - No permission. read - Read permission. read-write - Read-write permission.
	policy-objects string		Choices: none ← read read-write	Policy objects permission. none - No permission. read - Read permission. read-write - Read-write permission.
	profileid string			Profile ID.
	read-passwd string		Choices: none ← read read-write	View password in clear text. none - No permission. read - Read permission. read-write - Read-write permission.
	realtime-monitor string		Choices: none ← read read-write	Realtime monitor. none - No permission. read - Read permission. read-write - Read-write permission.
	report-viewer string		Choices: none ← read read-write	Report viewer. none - No permission. read - Read permission. read-write - Read-write permission.
	scope string		Choices: global ← adom	Scope. global - Global scope. adom - ADOM scope.
	set-install-targets string		Choices: none ← read read-write	Edit installation targets. none - No permission. read - Read permission. read-write - Read-write permission.
	system-setting string		Choices: none ← read read-write	System setting. none - No permission. read - Read permission. read-write - Read-write permission.
	term-access string		Choices: none ← read read-write	Terminal access. none - No permission. read - Read permission. read-write - Read-write permission.
	type string		Choices: system ← restricted	profile type. system - System admin. restricted - Restricted admin.
	vpn-manager string		Choices: none ← read read-write	VPN manager. none - No permission. read - Read permission. read-write - Read-write permission.
	web-filter string		Choices: disable ← enable	Web filter. disable - Disable setting. enable - Enable setting.
workspace_locking_adom string				the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout integer			Default: 300	the maximum time in seconds to wait for other user to release the workspace lock

Notes

Note

Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state present directive.
To delete an object, use state absent directive.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Admin profile.
     fmgr_system_admin_profile:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        state: <value in [present, absent]>
        system_admin_profile:
           adom-lock: <value in [none, read, read-write]>
           adom-policy-packages: <value in [none, read, read-write]>
           adom-switch: <value in [none, read, read-write]>
           app-filter: <value in [disable, enable]>
           assignment: <value in [none, read, read-write]>
           change-password: <value in [disable, enable]>
           config-retrieve: <value in [none, read, read-write]>
           config-revert: <value in [none, read, read-write]>
           consistency-check: <value in [none, read, read-write]>
           datamask: <value in [disable, enable]>
           datamask-custom-fields:
             -
                 field-category:
                   - log
                   - fortiview
                   - alert
                   - ueba
                   - all
                 field-name: <value of string>
                 field-status: <value in [disable, enable]>
                 field-type: <value in [string, ip, mac, ...]>
           datamask-custom-priority: <value in [disable, enable]>
           datamask-fields:
             - user
             - srcip
             - srcname
             - srcmac
             - dstip
             - dstname
             - email
             - message
             - domain
           datamask-key: <value of string>
           deploy-management: <value in [none, read, read-write]>
           description: <value of string>
           device-ap: <value in [none, read, read-write]>
           device-config: <value in [none, read, read-write]>
           device-forticlient: <value in [none, read, read-write]>
           device-fortiswitch: <value in [none, read, read-write]>
           device-manager: <value in [none, read, read-write]>
           device-op: <value in [none, read, read-write]>
           device-policy-package-lock: <value in [none, read, read-write]>
           device-profile: <value in [none, read, read-write]>
           device-revision-deletion: <value in [none, read, read-write]>
           device-wan-link-load-balance: <value in [none, read, read-write]>
           event-management: <value in [none, read, read-write]>
           fgd-center-advanced: <value in [none, read, read-write]>
           fgd-center-fmw-mgmt: <value in [none, read, read-write]>
           fgd-center-licensing: <value in [none, read, read-write]>
           fgd_center: <value in [none, read, read-write]>
           global-policy-packages: <value in [none, read, read-write]>
           import-policy-packages: <value in [none, read, read-write]>
           intf-mapping: <value in [none, read, read-write]>
           ips-filter: <value in [disable, enable]>
           log-viewer: <value in [none, read, read-write]>
           policy-objects: <value in [none, read, read-write]>
           profileid: <value of string>
           read-passwd: <value in [none, read, read-write]>
           realtime-monitor: <value in [none, read, read-write]>
           report-viewer: <value in [none, read, read-write]>
           scope: <value in [global, adom]>
           set-install-targets: <value in [none, read, read-write]>
           system-setting: <value in [none, read, read-write]>
           term-access: <value in [none, read, read-write]>
           type: <value in [system, restricted]>
           vpn-manager: <value in [none, read, read-write]>
           web-filter: <value in [disable, enable]>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
request_url string	always	The full url requested Sample: /sys/login/user
response_code integer	always	The status of api request
response_message string	always	The descriptive message of the api response Sample: OK.

Authors

Link Zheng (@chillancezen)
Jie Xue (@JieX19)
Frank Shen (@fshen01)
Hongbin Lu (@fgtdev-hblu)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/fortinet/fortimanager/fmgr_system_admin_profile_module.html