fortinet.fortimanager.fmgr_system_admin_profile (2.4.0) — module

Admin profile.

Added in version 2.0.0 of fortinet.fortimanager.

Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)

preview | supported by community

Install collection

Install with ansible-galaxy collection install fortinet.fortimanager:==2.4.0


Add to requirements.yml

  # Pins the collection to one exact release, so every install resolves to the
  # same version of the module code.
  collections:
    - name: fortinet.fortimanager
      version: "2.4.0"

Description

This module is able to configure a FortiManager device.

Examples include all parameters, with values that must be adjusted to your data sources before use.

Usage examples

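# Creates or updates an admin profile on every host in the "fortimanagers"
# group, talking to the device over the httpapi connection on port 443.
- name: Example playbook
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    # Certificate validation stays on: this session authenticates as a
    # FortiManager administrator, and with validation off the controller cannot
    # tell the real device from a host impersonating it. If the device presents
    # a certificate from a private CA, add that CA to the controller's trust
    # store rather than disabling validation.
    ansible_httpapi_validate_certs: true
    ansible_httpapi_port: 443
  tasks:
    - name: Admin profile.
      fortinet.fortimanager.fmgr_system_admin_profile:
        # false keeps the module's parameter validation active.
        bypass_validation: false
        state: present
        system_admin_profile:
          description: ansible-test-description
          profileid: ansible-test-profile
          scope: adom  # <value in [global, adom]>
          type: system  # <value in [system, restricted]>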
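# Reads the configured admin profiles back from every host in the
# "fortimanagers" group through the fmgr_fact module.
- name: Gathering fortimanager facts
  hosts: fortimanagers
  gather_facts: false
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    # Certificate validation stays on: the returned facts describe administrator
    # permissions, and the session authenticates as a FortiManager
    # administrator. With validation off the controller cannot tell the real
    # device from a host impersonating it. For a certificate issued by a
    # private CA, add that CA to the controller's trust store instead.
    ansible_httpapi_validate_certs: true
    ansible_httpapi_port: 443
  tasks:
    - name: Retrieve all the admin profiles
      fortinet.fortimanager.fmgr_fact:
        facts:
          selector: "system_admin_profile"
          params:
            # Placeholder value; replace it before running.
            profile: "your_value"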

Inputs

    
state:
    choices:
    - present
    - absent
    description: The directive to create, update or delete an object.
    required: true
    type: str

rc_failed:
    description: The list of rc codes that overrides the default conditions for failure.
    elements: int
    type: list

enable_log:
    default: false
    description: Enable/Disable logging for task.
    type: bool

access_token:
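    description: The token to access FortiManager without using username and password.
      Treat it as a credential and supply it from Ansible Vault or another secret store,
      not as plain text in the playbook or inventory.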
    type: str

rc_succeeded:
    description: The list of rc codes that overrides the default conditions for success.
    elements: int
    type: list

proposed_method:
    choices:
    - update
    - set
    - add
    description: The method that overrides the default for the underlying JSON-RPC request.
    type: str

bypass_validation:
    default: false
    description: Set to true only when the module schema differs from the FortiManager
      API structure; the module then continues to execute without validating parameters.
      Leave it false otherwise so that parameters are still validated.
    type: bool

system_admin_profile:
    description: The top level parameters set.
    required: false
    suboptions:
      adom-lock:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to adom_lock.
        - ADOM locking
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      adom-policy-packages:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to adom_policy_packages.
        - ADOM policy packages.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      adom-switch:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to adom_switch.
        - Administrator domain.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      allow-to-install:
        choices:
        - disable
        - enable
        description:
        - Deprecated, please rename it to allow_to_install.
        - Enable/disable the restricted user to install objects to the devices.
        - disable - Disable setting.
        - enable - Enable setting.
        type: str
      app-filter:
        choices:
        - disable
        - enable
        description:
        - Deprecated, please rename it to app_filter.
        - App filter.
        - disable - Disable setting.
        - enable - Enable setting.
        type: str
      assignment:
        choices:
        - none
        - read
        - read-write
        description:
        - Assignment permission.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      change-password:
        choices:
        - disable
        - enable
        description:
        - Deprecated, please rename it to change_password.
        - Enable/disable restricted user to change self password.
        - disable - Disable setting.
        - enable - Enable setting.
        type: str
      config-retrieve:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to config_retrieve.
        - Configuration retrieve.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      config-revert:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to config_revert.
        - Revert Configuration from Revision History
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      consistency-check:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to consistency_check.
        - Consistency check.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      datamask:
        choices:
        - disable
        - enable
        description:
        - Enable/disable data masking.
        - disable - Disable data masking.
        - enable - Enable data masking.
        type: str
      datamask-custom-fields:
        description: Deprecated, please rename it to datamask_custom_fields. Datamask-Custom-Fields.
        elements: dict
        suboptions:
          field-category:
            choices:
            - log
            - fortiview
            - alert
            - ueba
            - all
            description:
            - Deprecated, please rename it to field_category.
            - Field categories.
            - log - Log.
            - fortiview - FortiView.
            - alert - Event management.
            - ueba - UEBA.
            - all - All.
            elements: str
            type: list
          field-name:
            description: Deprecated, please rename it to field_name. Field name.
            type: str
          field-status:
            choices:
            - disable
            - enable
            description:
            - Deprecated, please rename it to field_status.
            - Field status.
            - disable - Disable field.
            - enable - Enable field.
            type: str
          field-type:
            choices:
            - string
            - ip
            - mac
            - email
            - unknown
            description:
            - Deprecated, please rename it to field_type.
            - Field type.
            - string - String.
            - ip - IP.
            - mac - MAC address.
            - email - Email address.
            - unknown - Unknown.
            type: str
        type: list
      datamask-custom-priority:
        choices:
        - disable
        - enable
        description:
        - Deprecated, please rename it to datamask_custom_priority.
        - Prioritize custom fields.
        - disable - Disable custom field search priority.
        - enable - Enable custom field search priority.
        type: str
      datamask-fields:
        choices:
        - user
        - srcip
        - srcname
        - srcmac
        - dstip
        - dstname
        - email
        - message
        - domain
        description:
        - Deprecated, please rename it to datamask_fields.
        - Data masking fields.
        - user - User name.
        - srcip - Source IP.
        - srcname - Source name.
        - srcmac - Source MAC.
        - dstip - Destination IP.
        - dstname - Dst name.
        - email - Email.
        - message - Message.
        - domain - Domain.
        elements: str
        type: list
      datamask-key:
        description: (list) Deprecated, please rename it to datamask_key. Data masking
          encryption key.
        type: raw
      datamask-unmasked-time:
        description: Deprecated, please rename it to datamask_unmasked_time. Time in days
          without data masking.
        type: int
      deploy-management:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to deploy_management.
        - Install to devices.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      description:
        description: Description.
        type: str
      device-ap:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to device_ap.
        - Manage AP.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      device-config:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to device_config.
        - Manage device configurations.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      device-forticlient:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to device_forticlient.
        - Manage FortiClient.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      device-fortiextender:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to device_fortiextender.
        - Manage FortiExtender.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      device-fortiswitch:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to device_fortiswitch.
        - Manage FortiSwitch.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      device-manager:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to device_manager.
        - Device manager.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      device-op:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to device_op.
        - Device add/delete/edit.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      device-policy-package-lock:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to device_policy_package_lock.
        - Device/Policy Package locking
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      device-profile:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to device_profile.
        - Device profile permission.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      device-revision-deletion:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to device_revision_deletion.
        - Delete device revision.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      device-wan-link-load-balance:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to device_wan_link_load_balance.
        - Manage WAN link load balance.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      event-management:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to event_management.
        - Event management.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      extension-access:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to extension_access.
        - Manage extension access.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      fabric-viewer:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to fabric_viewer.
        - Fabric viewer.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      fgd-center-advanced:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to fgd_center_advanced.
        - FortiGuard Center Advanced.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      fgd-center-fmw-mgmt:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to fgd_center_fmw_mgmt.
        - FortiGuard Center Firmware Management.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      fgd-center-licensing:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to fgd_center_licensing.
        - FortiGuard Center Licensing.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      fgd_center:
        choices:
        - none
        - read
        - read-write
        description:
        - FortiGuard Center.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      fgt-gui-proxy:
        choices:
        - disable
        - enable
        description:
        - Deprecated, please rename it to fgt_gui_proxy.
        - FortiGate GUI proxy.
        - disable - No permission.
        - enable - With permission.
        type: str
      global-policy-packages:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to global_policy_packages.
        - Global policy packages.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      import-policy-packages:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to import_policy_packages.
        - Import Policy Package.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      intf-mapping:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to intf_mapping.
        - Interface Mapping
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      ips-baseline-cfg:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to ips_baseline_cfg.
        - IPS baseline sensor configuration.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      ips-baseline-ovrd:
        choices:
        - disable
        - enable
        description:
        - Deprecated, please rename it to ips_baseline_ovrd.
        - Enable/disable override baseline ips sensor.
        - disable - Disable setting.
        - enable - Enable setting.
        type: str
      ips-filter:
        choices:
        - disable
        - enable
        description:
        - Deprecated, please rename it to ips_filter.
        - IPS filter.
        - disable - Disable setting.
        - enable - Enable setting.
        type: str
      ips-lock:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to ips_lock.
        - IPS locking
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      ips-objects:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to ips_objects.
        - Ips objects configuration.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      ipv6_trusthost1:
        description: Admin user trusted host IPv6, default
        type: str
      ipv6_trusthost10:
        description: Admin user trusted host IPv6, default ffff
        type: str
      ipv6_trusthost2:
        description: Admin user trusted host IPv6, default ffff
        type: str
      ipv6_trusthost3:
        description: Admin user trusted host IPv6, default ffff
        type: str
      ipv6_trusthost4:
        description: Admin user trusted host IPv6, default ffff
        type: str
      ipv6_trusthost5:
        description: Admin user trusted host IPv6, default ffff
        type: str
      ipv6_trusthost6:
        description: Admin user trusted host IPv6, default ffff
        type: str
      ipv6_trusthost7:
        description: Admin user trusted host IPv6, default ffff
        type: str
      ipv6_trusthost8:
        description: Admin user trusted host IPv6, default ffff
        type: str
      ipv6_trusthost9:
        description: Admin user trusted host IPv6, default ffff
        type: str
      log-viewer:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to log_viewer.
        - Log viewer.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      policy-ips-attrs:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to policy_ips_attrs.
        - Policy ips attributes configuration.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      policy-objects:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to policy_objects.
        - Policy objects permission.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      profileid:
        description: Profile ID.
        required: true
        type: str
      read-passwd:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to read_passwd.
        - View password in clear text. Grant this only to profiles that need it.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      realtime-monitor:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to realtime_monitor.
        - Realtime monitor.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      report-viewer:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to report_viewer.
        - Report viewer.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      rpc-permit:
        choices:
        - read-write
        - none
        - read
        description:
        - Deprecated, please rename it to rpc_permit.
        - Set none/read/read-write rpc-permission
        - read-write - Read-write permission.
        - none - No permission.
        - read - Read-only permission.
        type: str
      run-report:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to run_report.
        - Run reports.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      scope:
        choices:
        - global
        - adom
        description:
        - Scope.
        - global - Global scope.
        - adom - ADOM scope.
        type: str
      script-access:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to script_access.
        - Script access.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      set-install-targets:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to set_install_targets.
        - Edit installation targets.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      super-user-profile:
        choices:
        - disable
        - enable
        description:
        - Deprecated, please rename it to super_user_profile.
        - Enable/disable super user profile
        - disable - Disable super user profile
        - enable - Enable super user profile
        type: str
      system-setting:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to system_setting.
        - System setting.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      term-access:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to term_access.
        - Terminal access.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      triage-events:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to triage_events.
        - Triage events.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      trusthost1:
        description: Admin user trusted host IP, default 0.
        type: str
      trusthost10:
        description: Admin user trusted host IP, default 255.
        type: str
      trusthost2:
        description: Admin user trusted host IP, default 255.
        type: str
      trusthost3:
        description: Admin user trusted host IP, default 255.
        type: str
      trusthost4:
        description: Admin user trusted host IP, default 255.
        type: str
      trusthost5:
        description: Admin user trusted host IP, default 255.
        type: str
      trusthost6:
        description: Admin user trusted host IP, default 255.
        type: str
      trusthost7:
        description: Admin user trusted host IP, default 255.
        type: str
      trusthost8:
        description: Admin user trusted host IP, default 255.
        type: str
      trusthost9:
        description: Admin user trusted host IP, default 255.
        type: str
      type:
        choices:
        - system
        - restricted
        description:
        - profile type.
        - system - System admin.
        - restricted - Restricted admin.
        type: str
      update-incidents:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to update_incidents.
        - Create/update incidents.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      vpn-manager:
        choices:
        - none
        - read
        - read-write
        description:
        - Deprecated, please rename it to vpn_manager.
        - VPN manager.
        - none - No permission.
        - read - Read permission.
        - read-write - Read-write permission.
        type: str
      web-filter:
        choices:
        - disable
        - enable
        description:
        - Deprecated, please rename it to web_filter.
        - Web filter.
        - disable - Disable setting.
        - enable - Enable setting.
        type: str
      write-passwd-access:
        choices:
        - all
        - specify-by-user
        - specify-by-profile
        description:
        - Deprecated, please rename it to write_passwd_access.
        - set all/specify-by-user/specify-by-profile write password access mode.
        - all - All except super users.
        - specify-by-user - Specify by user.
        - specify-by-profile - Specify by profile.
        type: str
      write-passwd-profiles:
        description: Deprecated, please rename it to write_passwd_profiles.
        elements: dict
        suboptions:
          profileid:
            description: Profile ID.
            type: str
        type: list
      write-passwd-user-list:
        description: Deprecated, please rename it to write_passwd_user_list.
        elements: dict
        suboptions:
          userid:
            description: User ID.
            type: str
        type: list
    type: dict

workspace_locking_adom:
    description: The adom to lock for FortiManager running in workspace mode, the value
      can be global and others including root.
    type: str

forticloud_access_token:
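    description: Authenticate the Ansible client with a FortiCloud API access token.
      Treat it as a credential and supply it from Ansible Vault or another secret store,
      not as plain text in the playbook or inventory.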
    type: str

workspace_locking_timeout:
    default: 300
    description: The maximum time in seconds to wait for another user to release the
      workspace lock.
    type: int

Outputs

meta:
  contains:
    request_url:
      description: The full url requested.
      returned: always
      sample: /sys/login/user
      type: str
    response_code:
      description: The status of api request.
      returned: always
      sample: 0
      type: int
    response_data:
      description: The api response.
      returned: always
      type: list
    response_message:
      description: The descriptive message of the api response.
      returned: always
      sample: OK.
      type: str
    system_information:
      description: The information of the target system.
      returned: always
      type: dict
  description: The result of the request.
  returned: always
  type: dict
rc:
  description: The status of the request.
  returned: always
  sample: 0
  type: int
version_check_warning:
  description: Warning if the parameters used in the playbook are not supported by
    the current FortiManager version.
  returned: complex
  type: list