fortinet.fortimanager.fmgr_system_admin_profile (2.4.0) — module
Admin profile. Added in version 2.0.0 of fortinet.fortimanager.
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install fortinet.fortimanager:==2.4.0
collections:
  - name: fortinet.fortimanager
    version: 2.4.0
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- name: Example playbook
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Admin profile.
      fortinet.fortimanager.fmgr_system_admin_profile:
        bypass_validation: false
        state: present
        system_admin_profile:
          description: ansible-test-description
          profileid: ansible-test-profile
          scope: adom # <value in [global, adom]>
          type: system # <value in [system, restricted]>
- name: Gathering fortimanager facts
  hosts: fortimanagers
  gather_facts: false
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Retrieve all the admin profiles
      fortinet.fortimanager.fmgr_fact:
        facts:
          selector: "system_admin_profile"
          params:
            profile: "your_value"
state:
  type: str
  required: true
  choices: [present, absent]
  description: The directive to create, update or delete an object.
rc_failed:
  type: list
  elements: int
  description: The rc codes list with which the conditions to fail will be overridden.
enable_log:
  type: bool
  default: false
  description: Enable/Disable logging for task.
access_token:
  type: str
  description: The token to access FortiManager without using username and password.
rc_succeeded:
  type: list
  elements: int
  description: The rc codes list with which the conditions to succeed will be overridden.
proposed_method:
  type: str
  choices: [update, set, add]
  description: The overridden method for the underlying Json RPC request.
bypass_validation:
  type: bool
  default: false
  description: Only set to True when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters.
system_admin_profile:
  type: dict
  required: false
  description: The top level parameters set.
  suboptions:
    adom-lock:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to adom_lock. ADOM locking. none - No permission. read - Read permission. read-write - Read-write permission.
    adom-policy-packages:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to adom_policy_packages. ADOM policy packages. none - No permission. read - Read permission. read-write - Read-write permission.
    adom-switch:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to adom_switch. Administrator domain. none - No permission. read - Read permission. read-write - Read-write permission.
    allow-to-install:
      type: str
      choices: [disable, enable]
      description: Deprecated, please rename it to allow_to_install. Enable/disable the restricted user to install objects to the devices. disable - Disable setting. enable - Enable setting.
    app-filter:
      type: str
      choices: [disable, enable]
      description: Deprecated, please rename it to app_filter. App filter. disable - Disable setting. enable - Enable setting.
    assignment:
      type: str
      choices: [none, read, read-write]
      description: Assignment permission. none - No permission. read - Read permission. read-write - Read-write permission.
    change-password:
      type: str
      choices: [disable, enable]
      description: Deprecated, please rename it to change_password. Enable/disable restricted user to change self password. disable - Disable setting. enable - Enable setting.
    config-retrieve:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to config_retrieve. Configuration retrieve. none - No permission. read - Read permission. read-write - Read-write permission.
    config-revert:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to config_revert. Revert Configuration from Revision History. none - No permission. read - Read permission. read-write - Read-write permission.
    consistency-check:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to consistency_check. Consistency check. none - No permission. read - Read permission. read-write - Read-write permission.
    datamask:
      type: str
      choices: [disable, enable]
      description: Enable/disable data masking. disable - Disable data masking. enable - Enable data masking.
    datamask-custom-fields:
      type: list
      elements: dict
      description: Deprecated, please rename it to datamask_custom_fields. Datamask-Custom-Fields.
      suboptions:
        field-category:
          type: list
          elements: str
          choices: [log, fortiview, alert, ueba, all]
          description: Deprecated, please rename it to field_category. Field categories. log - Log. fortiview - FortiView. alert - Event management. ueba - UEBA. all - All.
        field-name:
          type: str
          description: Deprecated, please rename it to field_name. Field name.
        field-status:
          type: str
          choices: [disable, enable]
          description: Deprecated, please rename it to field_status. Field status. disable - Disable field. enable - Enable field.
        field-type:
          type: str
          choices: [string, ip, mac, email, unknown]
          description: Deprecated, please rename it to field_type. Field type. string - String. ip - IP. mac - MAC address. email - Email address. unknown - Unknown.
    datamask-custom-priority:
      type: str
      choices: [disable, enable]
      description: Deprecated, please rename it to datamask_custom_priority. Prioritize custom fields. disable - Disable custom field search priority. enable - Enable custom field search priority.
    datamask-fields:
      type: list
      elements: str
      choices: [user, srcip, srcname, srcmac, dstip, dstname, email, message, domain]
      description: Deprecated, please rename it to datamask_fields. Data masking fields. user - User name. srcip - Source IP. srcname - Source name. srcmac - Source MAC. dstip - Destination IP. dstname - Dst name. email - Email. message - Message. domain - Domain.
    datamask-key:
      type: raw
      description: (list) Deprecated, please rename it to datamask_key. Data masking encryption key.
    datamask-unmasked-time:
      type: int
      description: Deprecated, please rename it to datamask_unmasked_time. Time in days without data masking.
    deploy-management:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to deploy_management. Install to devices. none - No permission. read - Read permission. read-write - Read-write permission.
    description:
      type: str
      description: Description.
    device-ap:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to device_ap. Manage AP. none - No permission. read - Read permission. read-write - Read-write permission.
    device-config:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to device_config. Manage device configurations. none - No permission. read - Read permission. read-write - Read-write permission.
    device-forticlient:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to device_forticlient. Manage FortiClient. none - No permission. read - Read permission. read-write - Read-write permission.
    device-fortiextender:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to device_fortiextender. Manage FortiExtender. none - No permission. read - Read permission. read-write - Read-write permission.
    device-fortiswitch:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to device_fortiswitch. Manage FortiSwitch. none - No permission. read - Read permission. read-write - Read-write permission.
    device-manager:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to device_manager. Device manager. none - No permission. read - Read permission. read-write - Read-write permission.
    device-op:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to device_op. Device add/delete/edit. none - No permission. read - Read permission. read-write - Read-write permission.
    device-policy-package-lock:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to device_policy_package_lock. Device/Policy Package locking. none - No permission. read - Read permission. read-write - Read-write permission.
    device-profile:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to device_profile. Device profile permission. none - No permission. read - Read permission. read-write - Read-write permission.
    device-revision-deletion:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to device_revision_deletion. Delete device revision. none - No permission. read - Read permission. read-write - Read-write permission.
    device-wan-link-load-balance:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to device_wan_link_load_balance. Manage WAN link load balance. none - No permission. read - Read permission. read-write - Read-write permission.
    event-management:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to event_management. Event management. none - No permission. read - Read permission. read-write - Read-write permission.
    extension-access:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to extension_access. Manage extension access. none - No permission. read - Read permission. read-write - Read-write permission.
    fabric-viewer:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to fabric_viewer. Fabric viewer. none - No permission. read - Read permission. read-write - Read-write permission.
    fgd-center-advanced:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to fgd_center_advanced. FortiGuard Center Advanced. none - No permission. read - Read permission. read-write - Read-write permission.
    fgd-center-fmw-mgmt:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to fgd_center_fmw_mgmt. FortiGuard Center Firmware Management. none - No permission. read - Read permission. read-write - Read-write permission.
    fgd-center-licensing:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to fgd_center_licensing. FortiGuard Center Licensing. none - No permission. read - Read permission. read-write - Read-write permission.
    fgd_center:
      type: str
      choices: [none, read, read-write]
      description: FortiGuard Center. none - No permission. read - Read permission. read-write - Read-write permission.
    fgt-gui-proxy:
      type: str
      choices: [disable, enable]
      description: Deprecated, please rename it to fgt_gui_proxy. FortiGate GUI proxy. disable - No permission. enable - With permission.
    global-policy-packages:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to global_policy_packages. Global policy packages. none - No permission. read - Read permission. read-write - Read-write permission.
    import-policy-packages:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to import_policy_packages. Import Policy Package. none - No permission. read - Read permission. read-write - Read-write permission.
    intf-mapping:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to intf_mapping. Interface Mapping. none - No permission. read - Read permission. read-write - Read-write permission.
    ips-baseline-cfg:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to ips_baseline_cfg. Ips baseline sensor configuration. none - No permission. read - Read permission. read-write - Read-write permission.
    ips-baseline-ovrd:
      type: str
      choices: [disable, enable]
      description: Deprecated, please rename it to ips_baseline_ovrd. Enable/disable override baseline ips sensor. disable - Disable setting. enable - Enable setting.
    ips-filter:
      type: str
      choices: [disable, enable]
      description: Deprecated, please rename it to ips_filter. IPS filter. disable - Disable setting. enable - Enable setting.
    ips-lock:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to ips_lock. IPS locking. none - No permission. read - Read permission. read-write - Read-write permission.
    ips-objects:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to ips_objects. Ips objects configuration. none - No permission. read - Read permission. read-write - Read-write permission.
    ipv6_trusthost1:
      type: str
      description: Admin user trusted host IPv6, default
    ipv6_trusthost10:
      type: str
      description: Admin user trusted host IPv6, default ffff
    ipv6_trusthost2:
      type: str
      description: Admin user trusted host IPv6, default ffff
    ipv6_trusthost3:
      type: str
      description: Admin user trusted host IPv6, default ffff
    ipv6_trusthost4:
      type: str
      description: Admin user trusted host IPv6, default ffff
    ipv6_trusthost5:
      type: str
      description: Admin user trusted host IPv6, default ffff
    ipv6_trusthost6:
      type: str
      description: Admin user trusted host IPv6, default ffff
    ipv6_trusthost7:
      type: str
      description: Admin user trusted host IPv6, default ffff
    ipv6_trusthost8:
      type: str
      description: Admin user trusted host IPv6, default ffff
    ipv6_trusthost9:
      type: str
      description: Admin user trusted host IPv6, default ffff
    log-viewer:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to log_viewer. Log viewer. none - No permission. read - Read permission. read-write - Read-write permission.
    policy-ips-attrs:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to policy_ips_attrs. Policy ips attributes configuration. none - No permission. read - Read permission. read-write - Read-write permission.
    policy-objects:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to policy_objects. Policy objects permission. none - No permission. read - Read permission. read-write - Read-write permission.
    profileid:
      type: str
      required: true
      description: Profile ID.
    read-passwd:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to read_passwd. View password in clear text. none - No permission. read - Read permission. read-write - Read-write permission.
    realtime-monitor:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to realtime_monitor. Realtime monitor. none - No permission. read - Read permission. read-write - Read-write permission.
    report-viewer:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to report_viewer. Report viewer. none - No permission. read - Read permission. read-write - Read-write permission.
    rpc-permit:
      type: str
      choices: [read-write, none, read]
      description: Deprecated, please rename it to rpc_permit. Set none/read/read-write rpc-permission. read-write - Read-write permission. none - No permission. read - Read-only permission.
    run-report:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to run_report. Run reports. none - No permission. read - Read permission. read-write - Read-write permission.
    scope:
      type: str
      choices: [global, adom]
      description: Scope. global - Global scope. adom - ADOM scope.
    script-access:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to script_access. Script access. none - No permission. read - Read permission. read-write - Read-write permission.
    set-install-targets:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to set_install_targets. Edit installation targets. none - No permission. read - Read permission. read-write - Read-write permission.
    super-user-profile:
      type: str
      choices: [disable, enable]
      description: Deprecated, please rename it to super_user_profile. Enable/disable super user profile. disable - Disable super user profile. enable - Enable super user profile.
    system-setting:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to system_setting. System setting. none - No permission. read - Read permission. read-write - Read-write permission.
    term-access:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to term_access. Terminal access. none - No permission. read - Read permission. read-write - Read-write permission.
    triage-events:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to triage_events. Triage events. none - No permission. read - Read permission. read-write - Read-write permission.
    trusthost1:
      type: str
      description: Admin user trusted host IP, default 0.
    trusthost10:
      type: str
      description: Admin user trusted host IP, default 255.
    trusthost2:
      type: str
      description: Admin user trusted host IP, default 255.
    trusthost3:
      type: str
      description: Admin user trusted host IP, default 255.
    trusthost4:
      type: str
      description: Admin user trusted host IP, default 255.
    trusthost5:
      type: str
      description: Admin user trusted host IP, default 255.
    trusthost6:
      type: str
      description: Admin user trusted host IP, default 255.
    trusthost7:
      type: str
      description: Admin user trusted host IP, default 255.
    trusthost8:
      type: str
      description: Admin user trusted host IP, default 255.
    trusthost9:
      type: str
      description: Admin user trusted host IP, default 255.
    type:
      type: str
      choices: [system, restricted]
      description: Profile type. system - System admin. restricted - Restricted admin.
    update-incidents:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to update_incidents. Create/update incidents. none - No permission. read - Read permission. read-write - Read-write permission.
    vpn-manager:
      type: str
      choices: [none, read, read-write]
      description: Deprecated, please rename it to vpn_manager. VPN manager. none - No permission. read - Read permission. read-write - Read-write permission.
    web-filter:
      type: str
      choices: [disable, enable]
      description: Deprecated, please rename it to web_filter. Web filter. disable - Disable setting. enable - Enable setting.
    write-passwd-access:
      type: str
      choices: [all, specify-by-user, specify-by-profile]
      description: Deprecated, please rename it to write_passwd_access. Set all/specify-by-user/specify-by-profile write password access mode. all - All except super users. specify-by-user - Specify by user. specify-by-profile - Specify by profile.
    write-passwd-profiles:
      type: list
      elements: dict
      description: Deprecated, please rename it to write_passwd_profiles.
      suboptions:
        profileid:
          type: str
          description: Profile ID.
    write-passwd-user-list:
      type: list
      elements: dict
      description: Deprecated, please rename it to write_passwd_user_list.
      suboptions:
        userid:
          type: str
          description: User ID.
workspace_locking_adom:
  type: str
  description: The adom to lock for FortiManager running in workspace mode, the value can be global and others including root.
forticloud_access_token:
  type: str
  description: Authenticate Ansible client with forticloud API access token.
workspace_locking_timeout:
  type: int
  default: 300
  description: The maximum time in seconds to wait for another user to release the workspace lock.
meta:
  description: The result of the request.
  returned: always
  type: dict
  contains:
    request_url:
      description: The full url requested.
      returned: always
      type: str
      sample: /sys/login/user
    response_code:
      description: The status of api request.
      returned: always
      type: int
      sample: 0
    response_data:
      description: The api response.
      returned: always
      type: list
    response_message:
      description: The descriptive message of the api response.
      returned: always
      type: str
      sample: OK.
    system_information:
      description: The information of the target system.
      returned: always
      type: dict
rc:
  description: The status of the request.
  returned: always
  type: int
  sample: 0
version_check_warning:
  description: Warning if the parameters used in the playbook are not supported by the current FortiManager version.
  returned: complex
  type: list
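An added example, not part of the module's documentation: a Python audit of admin profiles, such as those retrieved with the fmgr_fact playbook above, that flags the documented permission fields granting the broadest access. The rule set, the sample profiles, and the assumption that each profile arrives as a dict carrying the string choices listed on this page are this example's own.

```python
"""Flag high-risk permissions in FortiManager admin profiles (added example)."""
import json

ACCESS = {"none", "read", "read-write"}
TOGGLE = {"disable", "enable"}

# field -> (choices documented on this page, values this example treats as high risk).
# Which values count as high risk is an assumption of this example, not vendor guidance.
RULES = {
    "super-user-profile": (TOGGLE, {"enable"}),
    "read-passwd": (ACCESS, {"read", "read-write"}),  # view passwords in clear text
    "rpc-permit": (ACCESS, {"read-write"}),
    "term-access": (ACCESS, {"read-write"}),
    "script-access": (ACCESS, {"read-write"}),
    "write-passwd-access": ({"all", "specify-by-user", "specify-by-profile"}, {"all"}),
}


def normalize(profile):
    """Rewrite underscore keys to the hyphenated form so both naming styles match."""
    return {str(key).replace("_", "-"): value for key, value in profile.items()}


def audit_profile(profile):
    """Return (field, value, reason) findings for one profile, sorted by field."""
    data = normalize(profile)
    findings = []
    for field, (choices, risky) in RULES.items():
        if field not in data:
            continue  # field not present in the retrieved data: nothing to judge
        value = data[field]
        if not isinstance(value, str) or value not in choices:
            # Do not let an unexpected encoding pass silently as "safe".
            findings.append((field, value, "unrecognized value"))
        elif value in risky:
            findings.append((field, value, "high-risk permission"))
    return sorted(findings, key=lambda finding: finding[0])


def audit_profiles(profiles):
    """Map profileid -> findings, listing only profiles that have findings."""
    report = {}
    for profile in profiles:
        findings = audit_profile(profile)
        if findings:
            report[normalize(profile).get("profileid", "<no profileid>")] = findings
    return report


# Constructed sample data (not real output): one tight profile, one permissive.
SAMPLE_JSON = """
[
  {"profileid": "noc-readonly", "type": "system", "scope": "adom",
   "super-user-profile": "disable", "read-passwd": "none",
   "rpc-permit": "none", "term-access": "none", "script-access": "read"},
  {"profileid": "legacy-ops", "type": "system", "scope": "global",
   "super_user_profile": "enable", "read_passwd": "read",
   "rpc_permit": "read-write", "script_access": 2}
]
"""

if __name__ == "__main__":
    for profileid, findings in audit_profiles(json.loads(SAMPLE_JSON)).items():
        for field, value, reason in findings:
            print(f"{profileid}: {field}={value!r} ({reason})")
```

Values outside the documented choices are reported as unrecognized rather than ignored, so a different value encoding in the retrieved data shows up in the report.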