faz_cli_system_admin_profile – Admin profile.

Added in version 1.0.0.

Warning

Starting in version 2.0.0, all variables will be named in the underscore naming convention.

Possible variable names before 2.0.0: variable-name, variable name, variable.name
Corresponding variable names since 2.0.0: variable_name

FortiAnalyzer Ansible v1.4+ supports both previous argument name and new underscore name. You will receive deprecation warnings if you keep using the previous argument name. You can ignore the warning by setting deprecation_warnings=False in ansible.cfg.

Synopsis 

This module is able to configure a FortiAnalyzer device.
Examples include all parameters and values need to be adjusted to data sources before usage.
This module supports check mode and diff mode.

Requirements 

The below requirements are needed on the host that executes this module.

ansible>=2.16.0

FortiAnalyzer Version Compatibility 

Supported Version Ranges: v6.2.1 -> latest

Parameters 

access_token The token to access FortiAnalyzer without using ansible_username and ansible_password. type: str
bypass_validation Only set to True when module schema diffs with FortiAnalyzer API structure, module continues to execute without validating parameters type: bool default: False
enable_log Enable/Disable logging for task type: bool default: False
forticloud_access_token Access token of forticloud analyzer API users. type: str
log_path The path to save log. Used if enable_log is true. Please use absolute path instead of relative path. If the log_path setting is incorrect, the log will be saved in /tmp/fortianalyzer.ansible.logtype: str default: "/tmp/fortianalyzer.ansible.log"
proposed_method The overridden method for the underlying Json RPC request type: str choices: set, update, add
version_check If set to True, it will check whether the parameters used are supported by the corresponding version of FortiAnazlyer locally based on FNDN data. A warning will be returned in version_check_warning if there is a mismatch. This warning is only a suggestion and may not be accurate. type: bool default: False
rc_succeeded The rc codes list with which the conditions to succeed will be overriden type: list
rc_failed The rc codes list with which the conditions to fail will be overriden type: list
state The directive to create, update or delete an object type: str required: true choices: present, absent
cli_system_admin_profile Admin profile. type: dict

adom_lock ADOM locking type: str choices: [none, read, read-write] default: none more...

Supported Version Ranges: v6.2.1 -> latest
adom_switch Administrator domain. type: str choices: [none, read, read-write] default: none more...

Supported Version Ranges: v6.2.1 -> latest
allow_to_install Enable/disable the restricted user to install objects to the devices. type: str choices: [disable, enable] default: enable more...

Supported Version Ranges: v6.2.1 -> v6.2.1, v6.4.1 -> latest
change_password Enable/disable the user to change self password. type: str choices: [disable, enable] default: disable more...

Supported Version Ranges: v6.2.1 -> latest
datamask Enable/disable data masking. type: str choices: [disable, enable] default: disable more...

Supported Version Ranges: v6.2.1 -> latest
datamask_custom_fields type: list of dict more...

Supported Version Ranges: v6.2.1 -> latest
- field_category Field categories. type: list elements: str choices: [log, fortiview, alert, ueba, all] more...
  
  Supported Version Ranges: v6.2.1 -> latest
- field_name Field name. type: str more...
  
  Supported Version Ranges: v6.2.1 -> latest
- field_status Field status. type: str choices: [disable, enable] default: enable more...
  
  Supported Version Ranges: v6.2.1 -> latest
- field_type Field type. type: str choices: [string, ip, mac, email, unknown] default: string more...
  
  Supported Version Ranges: v6.2.1 -> latest
datamask_custom_priority Prioritize custom fields. type: str choices: [disable, enable] default: disable more...

Supported Version Ranges: v6.2.1 -> latest
datamask_fields Data masking fields. type: list elements: str choices: [user, srcip, srcname, srcmac, dstip, dstname, email, message, domain] more...

Supported Version Ranges: v6.2.1 -> latest
datamask_key Data masking encryption key. type: str elements: str more...

Supported Version Ranges: v6.2.1 -> latest
datamask_unmasked_time Time in days without data masking. type: int default: 0 more...

Supported Version Ranges: v6.2.1 -> latest
description Description. type: str more...

Supported Version Ranges: v6.2.1 -> latest
device_ap Manage AP. type: str choices: [none, read, read-write] default: none more...

Supported Version Ranges: v6.2.1 -> latest
device_forticlient Manage FortiClient. type: str choices: [none, read, read-write] default: none more...

Supported Version Ranges: v6.2.1 -> v7.4.2
device_fortiswitch Manage FortiSwitch. type: str choices: [none, read, read-write] default: none more...

Supported Version Ranges: v6.2.1 -> latest
device_manager Device manager. type: str choices: [none, read, read-write] default: none more...

Supported Version Ranges: v6.2.1 -> latest
device_op Device add/delete/edit. type: str choices: [none, read, read-write] default: none more...

Supported Version Ranges: v6.2.1 -> latest
device_policy_package_lock Device/Policy Package locking type: str choices: [none, read, read-write] default: none more...

Supported Version Ranges: v6.2.1 -> latest
device_wan_link_load_balance Manage WAN link load balance. type: str choices: [none, read, read-write] default: none more...

Supported Version Ranges: v6.2.1 -> latest
event_management Event management. type: str choices: [none, read, read-write] default: none more...

Supported Version Ranges: v6.2.1 -> latest
fortirecorder_setting FortiRecorder settings. type: str choices: [none, read, read-write] default: none more...

Supported Version Ranges: v6.2.1 -> v7.2.11
log_viewer Log viewer. type: str choices: [none, read, read-write] default: none more...

Supported Version Ranges: v6.2.1 -> latest
profileid Profile ID. type: str more...

Supported Version Ranges: v6.2.1 -> latest
realtime_monitor Realtime monitor. type: str choices: [none, read, read-write] default: none more...

Supported Version Ranges: v6.2.1 -> v7.4.2
report_viewer Report viewer. type: str choices: [none, read, read-write] default: none more...

Supported Version Ranges: v6.2.1 -> latest
scope Scope. type: str choices: [global, adom] default: global more...

Supported Version Ranges: v6.2.1 -> latest
super_user_profile Enable/disable super user profile type: str choices: [disable, enable] default: disable more...

Supported Version Ranges: v6.2.1 -> latest
system_setting System setting. type: str choices: [none, read, read-write] default: none more...

Supported Version Ranges: v6.2.1 -> latest
fabric_viewer Fabric viewer. type: str choices: [none, read, read-write] default: none more...

Supported Version Ranges: v6.4.6 -> latest
execute_playbook Execute playbook. type: str choices: [none, read, read-write] default: none more...

Supported Version Ranges: v7.0.0 -> latest
extension_access Manage extension access. type: str choices: [none, read, read-write] default: none more...

Supported Version Ranges: v7.0.0 -> v7.2.10, v7.4.0 -> v7.4.7, v7.6.0 -> v7.6.3
run_report Run reports. type: str choices: [none, read, read-write] default: none more...

Supported Version Ranges: v7.0.0 -> latest
script_access Script access. type: str choices: [none, read, read-write] default: none more...

Supported Version Ranges: v7.0.0 -> latest
triage_events Triage events. type: str choices: [none, read, read-write] default: none more...

Supported Version Ranges: v7.0.0 -> latest
update_incidents Create/update incidents. type: str choices: [none, read, read-write] default: none more...

Supported Version Ranges: v7.0.0 -> latest
ips_baseline_ovrd Enable/disable override baseline ips sensor. type: str choices: [disable, enable] default: disable more...

Supported Version Ranges: v7.0.1 -> v7.0.2
ipv6_trusthost1 Admin user trusted host IPv6, default ::/0 for all. type: str default: ::/0 more...

Supported Version Ranges: v7.0.3 -> latest
ipv6_trusthost10 Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. type: str default: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 more...

Supported Version Ranges: v7.0.3 -> latest
ipv6_trusthost2 Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. type: str default: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 more...

Supported Version Ranges: v7.0.3 -> latest
ipv6_trusthost3 Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. type: str default: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 more...

Supported Version Ranges: v7.0.3 -> latest
ipv6_trusthost4 Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. type: str default: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 more...

Supported Version Ranges: v7.0.3 -> latest
ipv6_trusthost5 Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. type: str default: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 more...

Supported Version Ranges: v7.0.3 -> latest
ipv6_trusthost6 Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. type: str default: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 more...

Supported Version Ranges: v7.0.3 -> latest
ipv6_trusthost7 Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. type: str default: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 more...

Supported Version Ranges: v7.0.3 -> latest
ipv6_trusthost8 Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. type: str default: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 more...

Supported Version Ranges: v7.0.3 -> latest
ipv6_trusthost9 Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none. type: str default: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 more...

Supported Version Ranges: v7.0.3 -> latest
rpc_permit Set none/read/read-write rpc-permission type: str choices: [read-write, none, read] default: none more...

Supported Version Ranges: v7.0.3 -> latest
trusthost1 Admin user trusted host IP, default 0.0.0.0 0.0.0.0 for all. type: str default: 0.0.0.0 0.0.0.0 more...

Supported Version Ranges: v7.0.3 -> latest
trusthost10 Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. type: str default: 255.255.255.255 255.255.255.255 more...

Supported Version Ranges: v7.0.3 -> latest
trusthost2 Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. type: str default: 255.255.255.255 255.255.255.255 more...

Supported Version Ranges: v7.0.3 -> latest
trusthost3 Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. type: str default: 255.255.255.255 255.255.255.255 more...

Supported Version Ranges: v7.0.3 -> latest
trusthost4 Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. type: str default: 255.255.255.255 255.255.255.255 more...

Supported Version Ranges: v7.0.3 -> latest
trusthost5 Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. type: str default: 255.255.255.255 255.255.255.255 more...

Supported Version Ranges: v7.0.3 -> latest
trusthost6 Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. type: str default: 255.255.255.255 255.255.255.255 more...

Supported Version Ranges: v7.0.3 -> latest
trusthost7 Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. type: str default: 255.255.255.255 255.255.255.255 more...

Supported Version Ranges: v7.0.3 -> latest
trusthost8 Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. type: str default: 255.255.255.255 255.255.255.255 more...

Supported Version Ranges: v7.0.3 -> latest
trusthost9 Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none. type: str default: 255.255.255.255 255.255.255.255 more...

Supported Version Ranges: v7.0.3 -> latest
device_fortiextender Manage FortiExtender. type: str choices: [none, read, read-write] default: none more...

Supported Version Ranges: v7.0.4 -> v7.0.14, v7.2.1 -> latest
ips_lock IPS locking type: str choices: [none, read, read-write] default: none more...

Supported Version Ranges: v7.2.2 -> latest
fgt_gui_proxy FortiGate GUI proxy. type: str choices: [disable, enable] default: disable more...

Supported Version Ranges: v7.4.2 -> latest
write_passwd_access set all/specify-by-user/specify-by-profile write password access mode. type: str choices: [all, specify-by-user, specify-by-profile] default: all more...

Supported Version Ranges: v7.4.2 -> latest
write_passwd_profiles type: list of dict more...

Supported Version Ranges: v7.4.2 -> latest
- profileid Profile ID. type: str more...
  
  Supported Version Ranges: v7.4.2 -> latest
write_passwd_user_list type: list of dict more...

Supported Version Ranges: v7.4.2 -> latest
- userid User ID. type: str more...
  
  Supported Version Ranges: v7.4.2 -> latest
adom_admin Enable Adom Admin. type: str choices: [disable, enable] default: disable more...

Supported Version Ranges: v7.6.0 -> latest
script_run type: str choices: [none, read, read-write] default: none more...

Supported Version Ranges: v7.6.4 -> latest

Notes 

Note

To create or update an object, use state: present directive.
To delete an object, use state: absent directive
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples 

- name: Example playbook
  gather_facts: false
  connection: httpapi
  hosts: fortianalyzers
  tasks:
    - name: Admin profile.
      fortinet.fortianalyzer.faz_cli_system_admin_profile:
        cli_system_admin_profile:
          allow_to_install: disable
          change_password: disable
          datamask: disable
          profileid: 1
        state: present
  vars:
    ansible_network_os: fortinet.fortianalyzer.fortianalyzer
    ansible_httpapi_port: 443
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false

Return Values 

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

meta The result of the request. returned: always type: dict

request_url The full url requested. returned: always type: str sample: /sys/login/user
response_code The status of api request. returned: always type: int sample: 0
response_data The data body of the api response. returned: optional type: list or dict
response_message The descriptive message of the api response. returned: always type: str sample: OK
system_information The information of the target system. returned: always type: dict

rc The status the request. returned: always type: int sample: 0
version_check_warning Warning if the parameters used in the playbook are not supported by the current fortianalyzer version. returned: if params are not supported in the current version type: list

Status 

This module is not guaranteed to have a backwards compatible interface.

Authors 

Xinwei Du (@dux-fortinet)
Maxx Liu (@MaxxLiu22)
Link Zheng (@chillancezen)
Jie Xue (@JieX19)
Frank Shen (@fshen01)
Hongbin Lu (@fgtdev-hblu)