Try SpotterManages md-permissions-profile objects on Checkpoint over Web Services API
| "added in version" 3.0.0 of check_point.mgmt"
Authors: Eden Brillant (@chkp-edenbr)
preview | supported by community
Install with ansible-galaxy collection install check_point.mgmt:==5.2.3
collections:
- name: check_point.mgmt
version: 5.2.3Manages md-permissions-profile objects on Checkpoint devices including creating, updating and removing objects.
All operations are performed over Web Services API.
- name: add-md-permissions-profile
cp_mgmt_md_permissions_profile:
name: manager profile
state: present
- name: set-md-permissions-profile
cp_mgmt_md_permissions_profile:
default_profile_global_domains: read write all
name: manager profile
permission_level: domain level only
state: present
- name: delete-md-permissions-profile
cp_mgmt_md_permissions_profile:
name: profile
state: absent
name:
description:
- Object name.
required: true
type: str
tags:
description:
- Collection of tag identifiers.
elements: str
type: list
color:
choices:
- aquamarine
- black
- blue
- crete blue
- burlywood
- cyan
- dark green
- khaki
- orchid
- dark orange
- dark sea green
- pink
- turquoise
- dark blue
- firebrick
- brown
- forest green
- gold
- dark gold
- gray
- dark gray
- light green
- lemon chiffon
- coral
- sea green
- sky blue
- magenta
- purple
- slate blue
- violet red
- navy blue
- olive
- orange
- red
- sienna
- yellow
description:
- Color of the object. Should be one of existing colors.
type: str
state:
choices:
- present
- absent
default: present
description:
- State of the access rule (present or absent).
type: str
version:
description:
- Version of checkpoint. If not given one, the latest version taken.
type: str
comments:
description:
- Comments string.
type: str
details_level:
choices:
- uid
- standard
- full
description:
- The level of detail for some of the fields in the response can vary from showing
only the UID value of the object to a fully detailed representation of the object.
type: str
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings
flag was omitted - warnings will also be ignored.
type: bool
manage_admins:
description:
- Create and manage Multi-Domain Security Management administrators with the same
or lower permission level. For example, a Domain manager cannot create Superusers
or global managers.<br>Only a 'Manager' permission-level profile can edit this permission.
type: bool
wait_for_task:
default: true
description:
- Wait for the task to end. Such as publish task.
type: bool
cme_operations:
choices:
- read
- write
- disabled
description:
- Permission to read / edit the Cloud Management Extension (CME) configuration.
type: str
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
manage_sessions:
description:
- Connect/disconnect Domain sessions, publish changes, and delete other administrator
sessions.<br>Only a 'Manager' permission-level profile can edit this permission.
type: bool
mds_provisioning:
description:
- Create and manage Multi-Domain Servers and Multi-Domain Log Servers.<br>Only a "Super
User" permission-level profile can select this option.
type: bool
permission_level:
choices:
- super user
- manager
- domain level only
description:
- The level of the Multi Domain Permissions Profile.<br>The level cannot be changed
after creation.
type: str
domains_to_process:
description:
- Indicates which domains to process the commands on. It cannot be used with the details-level
full, must be run from the System Domain only and with ignore-warnings true. Valid
values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
elements: str
type: list
auto_publish_session:
default: false
description:
- Publish the current session if changes have been performed after task completes.
type: bool
management_api_login:
description:
- Permission to log in to the Security Management Server and run API commands using
these tools, mgmt_cli (Linux and Windows binaries), Gaia CLI (clish) and Web Services
(REST). Useful if you want to prevent administrators from running automatic scripts
on the Management.<br>Note, This permission is not required to run commands from
within the API terminal in SmartConsole.
type: bool
global_vpn_management:
description:
- Lets the administrator select Enable global use for a Security Gateway shown in
the MDS Gateways & Servers view.<br>Only a 'Manager' permission-level profile can
edit this permission.
type: bool
wait_for_task_timeout:
default: 30
description:
- How many minutes to wait until throwing a timeout error.
type: int
manage_global_assignments:
description:
- Controls the ability to create, edit and delete global assignment and not the ability
to reassign, which is set according to the specific Domain's permission profile.
type: bool
default_profile_local_domains:
description:
- Name or UID of the required default profile for all local domains.
type: str
view_global_objects_in_domain:
description:
- Lets an administrator with no global objects permissions view the global objects
in the domain. This option is required for valid domain management.
type: bool
default_profile_global_domains:
description:
- Name or UID of the required default profile for all global domains.
type: str
enable_default_profile_for_local_domains:
description:
- Enable the option to specify a default profile for all local domains.
type: bool
enable_default_profile_for_global_domains:
description:
- Enable the option to specify a default profile for all global domains.
type: bool
cp_mgmt_md_permissions_profile: description: The checkpoint object created or updated. returned: always, except when deleting the object. type: dict