Docs Home
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev
fortimanager.SystemAdminProfile
Explore with Pulumi AI
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev
Admin profile.
The following variables have sub resource. Avoid using them together, otherwise conflicts and overwrites may occur.
datamask_custom_fields:fortimanager.SystemAdminProfileDatamaskcustomfieldswrite_passwd_profiles:fortimanager.SystemAdminProfileWritepasswdprofileswrite_passwd_user_list:fortimanager.SystemAdminProfileWritepasswduserlist
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fortimanager from "@pulumi/fortimanager";
const trname = new fortimanager.SystemAdminProfile("trname", {
description: "terraform-tefv-description",
profileid: "terraform-tefv-profile2",
scope: "adom",
type: "system",
});
import pulumi
import pulumi_fortimanager as fortimanager
trname = fortimanager.SystemAdminProfile("trname",
description="terraform-tefv-description",
profileid="terraform-tefv-profile2",
scope="adom",
type="system")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/fortimanager/fortimanager"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := fortimanager.NewSystemAdminProfile(ctx, "trname", &fortimanager.SystemAdminProfileArgs{
Description: pulumi.String("terraform-tefv-description"),
Profileid: pulumi.String("terraform-tefv-profile2"),
Scope: pulumi.String("adom"),
Type: pulumi.String("system"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fortimanager = Pulumi.Fortimanager;
return await Deployment.RunAsync(() =>
{
var trname = new Fortimanager.SystemAdminProfile("trname", new()
{
Description = "terraform-tefv-description",
Profileid = "terraform-tefv-profile2",
Scope = "adom",
Type = "system",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fortimanager.SystemAdminProfile;
import com.pulumi.fortimanager.SystemAdminProfileArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var trname = new SystemAdminProfile("trname", SystemAdminProfileArgs.builder()
.description("terraform-tefv-description")
.profileid("terraform-tefv-profile2")
.scope("adom")
.type("system")
.build());
}
}
resources:
trname:
type: fortimanager:SystemAdminProfile
properties:
description: terraform-tefv-description
profileid: terraform-tefv-profile2
scope: adom
type: system
Create SystemAdminProfile Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SystemAdminProfile(name: string, args?: SystemAdminProfileArgs, opts?: CustomResourceOptions);@overload
def SystemAdminProfile(resource_name: str,
args: Optional[SystemAdminProfileArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def SystemAdminProfile(resource_name: str,
opts: Optional[ResourceOptions] = None,
adom_admin: Optional[str] = None,
adom_lock: Optional[str] = None,
adom_policy_packages: Optional[str] = None,
adom_switch: Optional[str] = None,
allow_to_install: Optional[str] = None,
app_filter: Optional[str] = None,
assignment: Optional[str] = None,
change_password: Optional[str] = None,
config_retrieve: Optional[str] = None,
config_revert: Optional[str] = None,
consistency_check: Optional[str] = None,
datamask: Optional[str] = None,
datamask_custom_fields: Optional[Sequence[SystemAdminProfileDatamaskCustomFieldArgs]] = None,
datamask_custom_priority: Optional[str] = None,
datamask_fields: Optional[Sequence[str]] = None,
datamask_keys: Optional[Sequence[str]] = None,
datamask_unmasked_time: Optional[float] = None,
deploy_management: Optional[str] = None,
description: Optional[str] = None,
device_ap: Optional[str] = None,
device_config: Optional[str] = None,
device_forticlient: Optional[str] = None,
device_fortiextender: Optional[str] = None,
device_fortiswitch: Optional[str] = None,
device_manager: Optional[str] = None,
device_op: Optional[str] = None,
device_policy_package_lock: Optional[str] = None,
device_profile: Optional[str] = None,
device_revision_deletion: Optional[str] = None,
device_wan_link_load_balance: Optional[str] = None,
dynamic_sort_subtable: Optional[str] = None,
event_management: Optional[str] = None,
extension_access: Optional[str] = None,
fabric_viewer: Optional[str] = None,
fgd_center: Optional[str] = None,
fgd_center_advanced: Optional[str] = None,
fgd_center_fmw_mgmt: Optional[str] = None,
fgd_center_licensing: Optional[str] = None,
fgt_gui_proxy: Optional[str] = None,
global_policy_packages: Optional[str] = None,
import_policy_packages: Optional[str] = None,
intf_mapping: Optional[str] = None,
ips_baseline_cfg: Optional[str] = None,
ips_baseline_ovrd: Optional[str] = None,
ips_filter: Optional[str] = None,
ips_lock: Optional[str] = None,
ips_objects: Optional[str] = None,
ipv6_trusthost1: Optional[str] = None,
ipv6_trusthost10: Optional[str] = None,
ipv6_trusthost2: Optional[str] = None,
ipv6_trusthost3: Optional[str] = None,
ipv6_trusthost4: Optional[str] = None,
ipv6_trusthost5: Optional[str] = None,
ipv6_trusthost6: Optional[str] = None,
ipv6_trusthost7: Optional[str] = None,
ipv6_trusthost8: Optional[str] = None,
ipv6_trusthost9: Optional[str] = None,
log_viewer: Optional[str] = None,
policy_ips_attrs: Optional[str] = None,
policy_objects: Optional[str] = None,
profileid: Optional[str] = None,
read_passwd: Optional[str] = None,
realtime_monitor: Optional[str] = None,
report_viewer: Optional[str] = None,
rpc_permit: Optional[str] = None,
run_report: Optional[str] = None,
scope: Optional[str] = None,
script_access: Optional[str] = None,
set_install_targets: Optional[str] = None,
super_user_profile: Optional[str] = None,
system_admin_profile_id: Optional[str] = None,
system_setting: Optional[str] = None,
term_access: Optional[str] = None,
triage_events: Optional[str] = None,
trusthost1: Optional[str] = None,
trusthost10: Optional[str] = None,
trusthost2: Optional[str] = None,
trusthost3: Optional[str] = None,
trusthost4: Optional[str] = None,
trusthost5: Optional[str] = None,
trusthost6: Optional[str] = None,
trusthost7: Optional[str] = None,
trusthost8: Optional[str] = None,
trusthost9: Optional[str] = None,
type: Optional[str] = None,
update_incidents: Optional[str] = None,
vpn_manager: Optional[str] = None,
web_filter: Optional[str] = None,
write_passwd_access: Optional[str] = None,
write_passwd_profiles: Optional[Sequence[SystemAdminProfileWritePasswdProfileArgs]] = None,
write_passwd_user_lists: Optional[Sequence[SystemAdminProfileWritePasswdUserListArgs]] = None)func NewSystemAdminProfile(ctx *Context, name string, args *SystemAdminProfileArgs, opts ...ResourceOption) (*SystemAdminProfile, error)public SystemAdminProfile(string name, SystemAdminProfileArgs? args = null, CustomResourceOptions? opts = null)
public SystemAdminProfile(String name, SystemAdminProfileArgs args)
public SystemAdminProfile(String name, SystemAdminProfileArgs args, CustomResourceOptions options)
type: fortimanager:SystemAdminProfile
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SystemAdminProfileArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SystemAdminProfileArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SystemAdminProfileArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SystemAdminProfileArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SystemAdminProfileArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var systemAdminProfileResource = new Fortimanager.SystemAdminProfile("systemAdminProfileResource", new()
{
AdomAdmin = "string",
AdomLock = "string",
AdomPolicyPackages = "string",
AdomSwitch = "string",
AllowToInstall = "string",
AppFilter = "string",
Assignment = "string",
ChangePassword = "string",
ConfigRetrieve = "string",
ConfigRevert = "string",
ConsistencyCheck = "string",
Datamask = "string",
DatamaskCustomFields = new[]
{
new Fortimanager.Inputs.SystemAdminProfileDatamaskCustomFieldArgs
{
FieldCategories = new[]
{
"string",
},
FieldName = "string",
FieldStatus = "string",
FieldType = "string",
},
},
DatamaskCustomPriority = "string",
DatamaskFields = new[]
{
"string",
},
DatamaskKeys = new[]
{
"string",
},
DatamaskUnmaskedTime = 0,
DeployManagement = "string",
Description = "string",
DeviceAp = "string",
DeviceConfig = "string",
DeviceForticlient = "string",
DeviceFortiextender = "string",
DeviceFortiswitch = "string",
DeviceManager = "string",
DeviceOp = "string",
DevicePolicyPackageLock = "string",
DeviceProfile = "string",
DeviceRevisionDeletion = "string",
DeviceWanLinkLoadBalance = "string",
DynamicSortSubtable = "string",
EventManagement = "string",
ExtensionAccess = "string",
FabricViewer = "string",
FgdCenter = "string",
FgdCenterAdvanced = "string",
FgdCenterFmwMgmt = "string",
FgdCenterLicensing = "string",
FgtGuiProxy = "string",
GlobalPolicyPackages = "string",
ImportPolicyPackages = "string",
IntfMapping = "string",
IpsBaselineCfg = "string",
IpsBaselineOvrd = "string",
IpsFilter = "string",
IpsLock = "string",
IpsObjects = "string",
Ipv6Trusthost1 = "string",
Ipv6Trusthost10 = "string",
Ipv6Trusthost2 = "string",
Ipv6Trusthost3 = "string",
Ipv6Trusthost4 = "string",
Ipv6Trusthost5 = "string",
Ipv6Trusthost6 = "string",
Ipv6Trusthost7 = "string",
Ipv6Trusthost8 = "string",
Ipv6Trusthost9 = "string",
LogViewer = "string",
PolicyIpsAttrs = "string",
PolicyObjects = "string",
Profileid = "string",
ReadPasswd = "string",
RealtimeMonitor = "string",
ReportViewer = "string",
RpcPermit = "string",
RunReport = "string",
Scope = "string",
ScriptAccess = "string",
SetInstallTargets = "string",
SuperUserProfile = "string",
SystemAdminProfileId = "string",
SystemSetting = "string",
TermAccess = "string",
TriageEvents = "string",
Trusthost1 = "string",
Trusthost10 = "string",
Trusthost2 = "string",
Trusthost3 = "string",
Trusthost4 = "string",
Trusthost5 = "string",
Trusthost6 = "string",
Trusthost7 = "string",
Trusthost8 = "string",
Trusthost9 = "string",
Type = "string",
UpdateIncidents = "string",
VpnManager = "string",
WebFilter = "string",
WritePasswdAccess = "string",
WritePasswdProfiles = new[]
{
new Fortimanager.Inputs.SystemAdminProfileWritePasswdProfileArgs
{
Profileid = "string",
},
},
WritePasswdUserLists = new[]
{
new Fortimanager.Inputs.SystemAdminProfileWritePasswdUserListArgs
{
Userid = "string",
},
},
});
example, err := fortimanager.NewSystemAdminProfile(ctx, "systemAdminProfileResource", &fortimanager.SystemAdminProfileArgs{
AdomAdmin: pulumi.String("string"),
AdomLock: pulumi.String("string"),
AdomPolicyPackages: pulumi.String("string"),
AdomSwitch: pulumi.String("string"),
AllowToInstall: pulumi.String("string"),
AppFilter: pulumi.String("string"),
Assignment: pulumi.String("string"),
ChangePassword: pulumi.String("string"),
ConfigRetrieve: pulumi.String("string"),
ConfigRevert: pulumi.String("string"),
ConsistencyCheck: pulumi.String("string"),
Datamask: pulumi.String("string"),
DatamaskCustomFields: .SystemAdminProfileDatamaskCustomFieldArray{
&.SystemAdminProfileDatamaskCustomFieldArgs{
FieldCategories: pulumi.StringArray{
pulumi.String("string"),
},
FieldName: pulumi.String("string"),
FieldStatus: pulumi.String("string"),
FieldType: pulumi.String("string"),
},
},
DatamaskCustomPriority: pulumi.String("string"),
DatamaskFields: pulumi.StringArray{
pulumi.String("string"),
},
DatamaskKeys: pulumi.StringArray{
pulumi.String("string"),
},
DatamaskUnmaskedTime: pulumi.Float64(0),
DeployManagement: pulumi.String("string"),
Description: pulumi.String("string"),
DeviceAp: pulumi.String("string"),
DeviceConfig: pulumi.String("string"),
DeviceForticlient: pulumi.String("string"),
DeviceFortiextender: pulumi.String("string"),
DeviceFortiswitch: pulumi.String("string"),
DeviceManager: pulumi.String("string"),
DeviceOp: pulumi.String("string"),
DevicePolicyPackageLock: pulumi.String("string"),
DeviceProfile: pulumi.String("string"),
DeviceRevisionDeletion: pulumi.String("string"),
DeviceWanLinkLoadBalance: pulumi.String("string"),
DynamicSortSubtable: pulumi.String("string"),
EventManagement: pulumi.String("string"),
ExtensionAccess: pulumi.String("string"),
FabricViewer: pulumi.String("string"),
FgdCenter: pulumi.String("string"),
FgdCenterAdvanced: pulumi.String("string"),
FgdCenterFmwMgmt: pulumi.String("string"),
FgdCenterLicensing: pulumi.String("string"),
FgtGuiProxy: pulumi.String("string"),
GlobalPolicyPackages: pulumi.String("string"),
ImportPolicyPackages: pulumi.String("string"),
IntfMapping: pulumi.String("string"),
IpsBaselineCfg: pulumi.String("string"),
IpsBaselineOvrd: pulumi.String("string"),
IpsFilter: pulumi.String("string"),
IpsLock: pulumi.String("string"),
IpsObjects: pulumi.String("string"),
Ipv6Trusthost1: pulumi.String("string"),
Ipv6Trusthost10: pulumi.String("string"),
Ipv6Trusthost2: pulumi.String("string"),
Ipv6Trusthost3: pulumi.String("string"),
Ipv6Trusthost4: pulumi.String("string"),
Ipv6Trusthost5: pulumi.String("string"),
Ipv6Trusthost6: pulumi.String("string"),
Ipv6Trusthost7: pulumi.String("string"),
Ipv6Trusthost8: pulumi.String("string"),
Ipv6Trusthost9: pulumi.String("string"),
LogViewer: pulumi.String("string"),
PolicyIpsAttrs: pulumi.String("string"),
PolicyObjects: pulumi.String("string"),
Profileid: pulumi.String("string"),
ReadPasswd: pulumi.String("string"),
RealtimeMonitor: pulumi.String("string"),
ReportViewer: pulumi.String("string"),
RpcPermit: pulumi.String("string"),
RunReport: pulumi.String("string"),
Scope: pulumi.String("string"),
ScriptAccess: pulumi.String("string"),
SetInstallTargets: pulumi.String("string"),
SuperUserProfile: pulumi.String("string"),
SystemAdminProfileId: pulumi.String("string"),
SystemSetting: pulumi.String("string"),
TermAccess: pulumi.String("string"),
TriageEvents: pulumi.String("string"),
Trusthost1: pulumi.String("string"),
Trusthost10: pulumi.String("string"),
Trusthost2: pulumi.String("string"),
Trusthost3: pulumi.String("string"),
Trusthost4: pulumi.String("string"),
Trusthost5: pulumi.String("string"),
Trusthost6: pulumi.String("string"),
Trusthost7: pulumi.String("string"),
Trusthost8: pulumi.String("string"),
Trusthost9: pulumi.String("string"),
Type: pulumi.String("string"),
UpdateIncidents: pulumi.String("string"),
VpnManager: pulumi.String("string"),
WebFilter: pulumi.String("string"),
WritePasswdAccess: pulumi.String("string"),
WritePasswdProfiles: .SystemAdminProfileWritePasswdProfileArray{
&.SystemAdminProfileWritePasswdProfileArgs{
Profileid: pulumi.String("string"),
},
},
WritePasswdUserLists: .SystemAdminProfileWritePasswdUserListTypeArray{
&.SystemAdminProfileWritePasswdUserListTypeArgs{
Userid: pulumi.String("string"),
},
},
})
var systemAdminProfileResource = new SystemAdminProfile("systemAdminProfileResource", SystemAdminProfileArgs.builder()
.adomAdmin("string")
.adomLock("string")
.adomPolicyPackages("string")
.adomSwitch("string")
.allowToInstall("string")
.appFilter("string")
.assignment("string")
.changePassword("string")
.configRetrieve("string")
.configRevert("string")
.consistencyCheck("string")
.datamask("string")
.datamaskCustomFields(SystemAdminProfileDatamaskCustomFieldArgs.builder()
.fieldCategories("string")
.fieldName("string")
.fieldStatus("string")
.fieldType("string")
.build())
.datamaskCustomPriority("string")
.datamaskFields("string")
.datamaskKeys("string")
.datamaskUnmaskedTime(0)
.deployManagement("string")
.description("string")
.deviceAp("string")
.deviceConfig("string")
.deviceForticlient("string")
.deviceFortiextender("string")
.deviceFortiswitch("string")
.deviceManager("string")
.deviceOp("string")
.devicePolicyPackageLock("string")
.deviceProfile("string")
.deviceRevisionDeletion("string")
.deviceWanLinkLoadBalance("string")
.dynamicSortSubtable("string")
.eventManagement("string")
.extensionAccess("string")
.fabricViewer("string")
.fgdCenter("string")
.fgdCenterAdvanced("string")
.fgdCenterFmwMgmt("string")
.fgdCenterLicensing("string")
.fgtGuiProxy("string")
.globalPolicyPackages("string")
.importPolicyPackages("string")
.intfMapping("string")
.ipsBaselineCfg("string")
.ipsBaselineOvrd("string")
.ipsFilter("string")
.ipsLock("string")
.ipsObjects("string")
.ipv6Trusthost1("string")
.ipv6Trusthost10("string")
.ipv6Trusthost2("string")
.ipv6Trusthost3("string")
.ipv6Trusthost4("string")
.ipv6Trusthost5("string")
.ipv6Trusthost6("string")
.ipv6Trusthost7("string")
.ipv6Trusthost8("string")
.ipv6Trusthost9("string")
.logViewer("string")
.policyIpsAttrs("string")
.policyObjects("string")
.profileid("string")
.readPasswd("string")
.realtimeMonitor("string")
.reportViewer("string")
.rpcPermit("string")
.runReport("string")
.scope("string")
.scriptAccess("string")
.setInstallTargets("string")
.superUserProfile("string")
.systemAdminProfileId("string")
.systemSetting("string")
.termAccess("string")
.triageEvents("string")
.trusthost1("string")
.trusthost10("string")
.trusthost2("string")
.trusthost3("string")
.trusthost4("string")
.trusthost5("string")
.trusthost6("string")
.trusthost7("string")
.trusthost8("string")
.trusthost9("string")
.type("string")
.updateIncidents("string")
.vpnManager("string")
.webFilter("string")
.writePasswdAccess("string")
.writePasswdProfiles(SystemAdminProfileWritePasswdProfileArgs.builder()
.profileid("string")
.build())
.writePasswdUserLists(SystemAdminProfileWritePasswdUserListArgs.builder()
.userid("string")
.build())
.build());
system_admin_profile_resource = fortimanager.SystemAdminProfile("systemAdminProfileResource",
adom_admin="string",
adom_lock="string",
adom_policy_packages="string",
adom_switch="string",
allow_to_install="string",
app_filter="string",
assignment="string",
change_password="string",
config_retrieve="string",
config_revert="string",
consistency_check="string",
datamask="string",
datamask_custom_fields=[{
"field_categories": ["string"],
"field_name": "string",
"field_status": "string",
"field_type": "string",
}],
datamask_custom_priority="string",
datamask_fields=["string"],
datamask_keys=["string"],
datamask_unmasked_time=0,
deploy_management="string",
description="string",
device_ap="string",
device_config="string",
device_forticlient="string",
device_fortiextender="string",
device_fortiswitch="string",
device_manager="string",
device_op="string",
device_policy_package_lock="string",
device_profile="string",
device_revision_deletion="string",
device_wan_link_load_balance="string",
dynamic_sort_subtable="string",
event_management="string",
extension_access="string",
fabric_viewer="string",
fgd_center="string",
fgd_center_advanced="string",
fgd_center_fmw_mgmt="string",
fgd_center_licensing="string",
fgt_gui_proxy="string",
global_policy_packages="string",
import_policy_packages="string",
intf_mapping="string",
ips_baseline_cfg="string",
ips_baseline_ovrd="string",
ips_filter="string",
ips_lock="string",
ips_objects="string",
ipv6_trusthost1="string",
ipv6_trusthost10="string",
ipv6_trusthost2="string",
ipv6_trusthost3="string",
ipv6_trusthost4="string",
ipv6_trusthost5="string",
ipv6_trusthost6="string",
ipv6_trusthost7="string",
ipv6_trusthost8="string",
ipv6_trusthost9="string",
log_viewer="string",
policy_ips_attrs="string",
policy_objects="string",
profileid="string",
read_passwd="string",
realtime_monitor="string",
report_viewer="string",
rpc_permit="string",
run_report="string",
scope="string",
script_access="string",
set_install_targets="string",
super_user_profile="string",
system_admin_profile_id="string",
system_setting="string",
term_access="string",
triage_events="string",
trusthost1="string",
trusthost10="string",
trusthost2="string",
trusthost3="string",
trusthost4="string",
trusthost5="string",
trusthost6="string",
trusthost7="string",
trusthost8="string",
trusthost9="string",
type="string",
update_incidents="string",
vpn_manager="string",
web_filter="string",
write_passwd_access="string",
write_passwd_profiles=[{
"profileid": "string",
}],
write_passwd_user_lists=[{
"userid": "string",
}])
const systemAdminProfileResource = new fortimanager.SystemAdminProfile("systemAdminProfileResource", {
adomAdmin: "string",
adomLock: "string",
adomPolicyPackages: "string",
adomSwitch: "string",
allowToInstall: "string",
appFilter: "string",
assignment: "string",
changePassword: "string",
configRetrieve: "string",
configRevert: "string",
consistencyCheck: "string",
datamask: "string",
datamaskCustomFields: [{
fieldCategories: ["string"],
fieldName: "string",
fieldStatus: "string",
fieldType: "string",
}],
datamaskCustomPriority: "string",
datamaskFields: ["string"],
datamaskKeys: ["string"],
datamaskUnmaskedTime: 0,
deployManagement: "string",
description: "string",
deviceAp: "string",
deviceConfig: "string",
deviceForticlient: "string",
deviceFortiextender: "string",
deviceFortiswitch: "string",
deviceManager: "string",
deviceOp: "string",
devicePolicyPackageLock: "string",
deviceProfile: "string",
deviceRevisionDeletion: "string",
deviceWanLinkLoadBalance: "string",
dynamicSortSubtable: "string",
eventManagement: "string",
extensionAccess: "string",
fabricViewer: "string",
fgdCenter: "string",
fgdCenterAdvanced: "string",
fgdCenterFmwMgmt: "string",
fgdCenterLicensing: "string",
fgtGuiProxy: "string",
globalPolicyPackages: "string",
importPolicyPackages: "string",
intfMapping: "string",
ipsBaselineCfg: "string",
ipsBaselineOvrd: "string",
ipsFilter: "string",
ipsLock: "string",
ipsObjects: "string",
ipv6Trusthost1: "string",
ipv6Trusthost10: "string",
ipv6Trusthost2: "string",
ipv6Trusthost3: "string",
ipv6Trusthost4: "string",
ipv6Trusthost5: "string",
ipv6Trusthost6: "string",
ipv6Trusthost7: "string",
ipv6Trusthost8: "string",
ipv6Trusthost9: "string",
logViewer: "string",
policyIpsAttrs: "string",
policyObjects: "string",
profileid: "string",
readPasswd: "string",
realtimeMonitor: "string",
reportViewer: "string",
rpcPermit: "string",
runReport: "string",
scope: "string",
scriptAccess: "string",
setInstallTargets: "string",
superUserProfile: "string",
systemAdminProfileId: "string",
systemSetting: "string",
termAccess: "string",
triageEvents: "string",
trusthost1: "string",
trusthost10: "string",
trusthost2: "string",
trusthost3: "string",
trusthost4: "string",
trusthost5: "string",
trusthost6: "string",
trusthost7: "string",
trusthost8: "string",
trusthost9: "string",
type: "string",
updateIncidents: "string",
vpnManager: "string",
webFilter: "string",
writePasswdAccess: "string",
writePasswdProfiles: [{
profileid: "string",
}],
writePasswdUserLists: [{
userid: "string",
}],
});
type: fortimanager:SystemAdminProfile
properties:
adomAdmin: string
adomLock: string
adomPolicyPackages: string
adomSwitch: string
allowToInstall: string
appFilter: string
assignment: string
changePassword: string
configRetrieve: string
configRevert: string
consistencyCheck: string
datamask: string
datamaskCustomFields:
- fieldCategories:
- string
fieldName: string
fieldStatus: string
fieldType: string
datamaskCustomPriority: string
datamaskFields:
- string
datamaskKeys:
- string
datamaskUnmaskedTime: 0
deployManagement: string
description: string
deviceAp: string
deviceConfig: string
deviceForticlient: string
deviceFortiextender: string
deviceFortiswitch: string
deviceManager: string
deviceOp: string
devicePolicyPackageLock: string
deviceProfile: string
deviceRevisionDeletion: string
deviceWanLinkLoadBalance: string
dynamicSortSubtable: string
eventManagement: string
extensionAccess: string
fabricViewer: string
fgdCenter: string
fgdCenterAdvanced: string
fgdCenterFmwMgmt: string
fgdCenterLicensing: string
fgtGuiProxy: string
globalPolicyPackages: string
importPolicyPackages: string
intfMapping: string
ipsBaselineCfg: string
ipsBaselineOvrd: string
ipsFilter: string
ipsLock: string
ipsObjects: string
ipv6Trusthost1: string
ipv6Trusthost2: string
ipv6Trusthost3: string
ipv6Trusthost4: string
ipv6Trusthost5: string
ipv6Trusthost6: string
ipv6Trusthost7: string
ipv6Trusthost8: string
ipv6Trusthost9: string
ipv6Trusthost10: string
logViewer: string
policyIpsAttrs: string
policyObjects: string
profileid: string
readPasswd: string
realtimeMonitor: string
reportViewer: string
rpcPermit: string
runReport: string
scope: string
scriptAccess: string
setInstallTargets: string
superUserProfile: string
systemAdminProfileId: string
systemSetting: string
termAccess: string
triageEvents: string
trusthost1: string
trusthost2: string
trusthost3: string
trusthost4: string
trusthost5: string
trusthost6: string
trusthost7: string
trusthost8: string
trusthost9: string
trusthost10: string
type: string
updateIncidents: string
vpnManager: string
webFilter: string
writePasswdAccess: string
writePasswdProfiles:
- profileid: string
writePasswdUserLists:
- userid: string
SystemAdminProfile Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SystemAdminProfile resource accepts the following input properties:
- Adom
Admin string - Enable Adom Admin. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - Adom
Lock string - ADOM locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Adom
Policy stringPackages - ADOM policy packages. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Adom
Switch string - Administrator domain. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Allow
To stringInstall - Enable/disable the restricted user to install objects to the devices. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - App
Filter string - App filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - Assignment string
- Assignment permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Change
Password string - Enable/disable the user to change self password. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - Config
Retrieve string - Configuration retrieve. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Config
Revert string - Revert Configuration from Revision History none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Consistency
Check string - Consistency check. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Datamask string
- Enable/disable data masking. disable - Disable data masking. enable - Enable data masking. Valid values:
disable,enable. - Datamask
Custom List<SystemFields Admin Profile Datamask Custom Field> - Datamask-Custom-Fields. The structure of
datamask_custom_fieldsblock is documented below. - Datamask
Custom stringPriority - Prioritize custom fields. disable - Disable custom field search priority. enable - Enable custom field search priority. Valid values:
disable,enable. - Datamask
Fields List<string> - Data masking fields. user - User name. srcip - Source IP. srcname - Source name. srcmac - Source MAC. dstip - Destination IP. dstname - Dst name. email - Email. message - Message. domain - Domain. Valid values:
user,srcip,srcname,srcmac,dstip,dstname,email,message,domain. - Datamask
Keys List<string> - Data masking encryption key.
- Datamask
Unmasked doubleTime - Time in days without data masking.
- Deploy
Management string - Install to devices. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Description string
- Description.
- Device
Ap string - Manage AP. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Config string - Manage device configurations. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Forticlient string - Manage FortiClient. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Fortiextender string - Manage FortiExtender. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Fortiswitch string - Manage FortiSwitch. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Manager string - Device manager. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Op string - Device add/delete/edit. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Policy stringPackage Lock - Device/Policy Package locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Profile string - Device profile permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Revision stringDeletion - Delete device revision. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Wan stringLink Load Balance - Manage WAN link load balance. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Event
Management string - Event management. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Extension
Access string - Manage extension access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Fabric
Viewer string - Fabric viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Fgd
Center string - FortiGuard Center. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Fgd
Center stringAdvanced - FortiGuard Center Advanced. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Fgd
Center stringFmw Mgmt - FortiGuard Center Firmware Management. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Fgd
Center stringLicensing - FortiGuard Center Licensing. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Fgt
Gui stringProxy - FortiGate GUI proxy. disable - No permission. enable - With permission. Valid values:
disable,enable. - Global
Policy stringPackages - Global policy packages. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Import
Policy stringPackages - Import Policy Package. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Intf
Mapping string - Interface Mapping none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Ips
Baseline stringCfg - Ips baseline sensor configration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Ips
Baseline stringOvrd - Enable/disable override baseline ips sensor. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - Ips
Filter string - IPS filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - Ips
Lock string - IPS locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Ips
Objects string - Ips objects configuration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Ipv6Trusthost1 string
- Admin user trusted host IPv6, default ::/0 for all.
- Ipv6Trusthost10 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost2 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost3 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost4 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost5 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost6 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost7 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost8 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost9 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Log
Viewer string - Log viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Policy
Ips stringAttrs - Policy ips attributes configuration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Policy
Objects string - Policy objects permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Profileid string
- Profile ID.
- Read
Passwd string - View password in clear text. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Realtime
Monitor string - Realtime monitor. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Report
Viewer string - Report viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Rpc
Permit string - Set none/read/read-write rpc-permission read-write - Read-write permission. none - No permission. read - Read-only permission. Valid values:
read-write,none,read. - Run
Report string - Run reports. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Scope string
- Scope. global - Global scope. adom - ADOM scope. Valid values:
global,adom. - Script
Access string - Script access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Set
Install stringTargets - Edit installation targets. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Super
User stringProfile - Enable/disable super user profile disable - Disable super user profile enable - Enable super user profile Valid values:
disable,enable. - System
Admin stringProfile Id - an identifier for the resource with format {{profileid}}.
- System
Setting string - System setting. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Term
Access string - Terminal access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Triage
Events string - Triage events. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Trusthost1 string
- Admin user trusted host IP, default 0.0.0.0 0.0.0.0 for all.
- Trusthost10 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost2 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost3 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost4 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost5 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost6 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost7 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost8 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost9 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Type string
- profile type. system - System admin. restricted - Restricted admin. Valid values:
system,restricted. - Update
Incidents string - Create/update incidents. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Vpn
Manager string - VPN manager. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Web
Filter string - Web filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - Write
Passwd stringAccess - set all/specify-by-user/specify-by-profile write password access mode. all - All except super users. specify-by-user - Specify by user. specify-by-profile - Specify by profile. Valid values:
all,specify-by-user,specify-by-profile. - Write
Passwd List<SystemProfiles Admin Profile Write Passwd Profile> - Write-Passwd-Profiles. The structure of
write_passwd_profilesblock is documented below. - Write
Passwd List<SystemUser Lists Admin Profile Write Passwd User List> - Write-Passwd-User-List. The structure of
write_passwd_user_listblock is documented below.
- Adom
Admin string - Enable Adom Admin. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - Adom
Lock string - ADOM locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Adom
Policy stringPackages - ADOM policy packages. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Adom
Switch string - Administrator domain. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Allow
To stringInstall - Enable/disable the restricted user to install objects to the devices. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - App
Filter string - App filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - Assignment string
- Assignment permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Change
Password string - Enable/disable the user to change self password. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - Config
Retrieve string - Configuration retrieve. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Config
Revert string - Revert Configuration from Revision History none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Consistency
Check string - Consistency check. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Datamask string
- Enable/disable data masking. disable - Disable data masking. enable - Enable data masking. Valid values:
disable,enable. - Datamask
Custom []SystemFields Admin Profile Datamask Custom Field Args - Datamask-Custom-Fields. The structure of
datamask_custom_fieldsblock is documented below. - Datamask
Custom stringPriority - Prioritize custom fields. disable - Disable custom field search priority. enable - Enable custom field search priority. Valid values:
disable,enable. - Datamask
Fields []string - Data masking fields. user - User name. srcip - Source IP. srcname - Source name. srcmac - Source MAC. dstip - Destination IP. dstname - Dst name. email - Email. message - Message. domain - Domain. Valid values:
user,srcip,srcname,srcmac,dstip,dstname,email,message,domain. - Datamask
Keys []string - Data masking encryption key.
- Datamask
Unmasked float64Time - Time in days without data masking.
- Deploy
Management string - Install to devices. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Description string
- Description.
- Device
Ap string - Manage AP. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Config string - Manage device configurations. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Forticlient string - Manage FortiClient. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Fortiextender string - Manage FortiExtender. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Fortiswitch string - Manage FortiSwitch. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Manager string - Device manager. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Op string - Device add/delete/edit. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Policy stringPackage Lock - Device/Policy Package locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Profile string - Device profile permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Revision stringDeletion - Delete device revision. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Wan stringLink Load Balance - Manage WAN link load balance. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Event
Management string - Event management. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Extension
Access string - Manage extension access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Fabric
Viewer string - Fabric viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Fgd
Center string - FortiGuard Center. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Fgd
Center stringAdvanced - FortiGuard Center Advanced. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Fgd
Center stringFmw Mgmt - FortiGuard Center Firmware Management. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Fgd
Center stringLicensing - FortiGuard Center Licensing. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Fgt
Gui stringProxy - FortiGate GUI proxy. disable - No permission. enable - With permission. Valid values:
disable,enable. - Global
Policy stringPackages - Global policy packages. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Import
Policy stringPackages - Import Policy Package. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Intf
Mapping string - Interface Mapping none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Ips
Baseline stringCfg - Ips baseline sensor configration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Ips
Baseline stringOvrd - Enable/disable override baseline ips sensor. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - Ips
Filter string - IPS filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - Ips
Lock string - IPS locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Ips
Objects string - Ips objects configuration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Ipv6Trusthost1 string
- Admin user trusted host IPv6, default ::/0 for all.
- Ipv6Trusthost10 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost2 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost3 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost4 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost5 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost6 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost7 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost8 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost9 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Log
Viewer string - Log viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Policy
Ips stringAttrs - Policy ips attributes configuration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Policy
Objects string - Policy objects permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Profileid string
- Profile ID.
- Read
Passwd string - View password in clear text. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Realtime
Monitor string - Realtime monitor. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Report
Viewer string - Report viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Rpc
Permit string - Set none/read/read-write rpc-permission read-write - Read-write permission. none - No permission. read - Read-only permission. Valid values:
read-write,none,read. - Run
Report string - Run reports. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Scope string
- Scope. global - Global scope. adom - ADOM scope. Valid values:
global,adom. - Script
Access string - Script access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Set
Install stringTargets - Edit installation targets. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Super
User stringProfile - Enable/disable super user profile disable - Disable super user profile enable - Enable super user profile Valid values:
disable,enable. - System
Admin stringProfile Id - an identifier for the resource with format {{profileid}}.
- System
Setting string - System setting. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Term
Access string - Terminal access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Triage
Events string - Triage events. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Trusthost1 string
- Admin user trusted host IP, default 0.0.0.0 0.0.0.0 for all.
- Trusthost10 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost2 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost3 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost4 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost5 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost6 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost7 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost8 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost9 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Type string
- profile type. system - System admin. restricted - Restricted admin. Valid values:
system,restricted. - Update
Incidents string - Create/update incidents. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Vpn
Manager string - VPN manager. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Web
Filter string - Web filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - Write
Passwd stringAccess - set all/specify-by-user/specify-by-profile write password access mode. all - All except super users. specify-by-user - Specify by user. specify-by-profile - Specify by profile. Valid values:
all,specify-by-user,specify-by-profile. - Write
Passwd []SystemProfiles Admin Profile Write Passwd Profile Args - Write-Passwd-Profiles. The structure of
write_passwd_profilesblock is documented below. - Write
Passwd []SystemUser Lists Admin Profile Write Passwd User List Type Args - Write-Passwd-User-List. The structure of
write_passwd_user_listblock is documented below.
- adom
Admin String - Enable Adom Admin. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - adom
Lock String - ADOM locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - adom
Policy StringPackages - ADOM policy packages. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - adom
Switch String - Administrator domain. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - allow
To StringInstall - Enable/disable the restricted user to install objects to the devices. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - app
Filter String - App filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - assignment String
- Assignment permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - change
Password String - Enable/disable the user to change self password. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - config
Retrieve String - Configuration retrieve. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - config
Revert String - Revert Configuration from Revision History none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - consistency
Check String - Consistency check. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - datamask String
- Enable/disable data masking. disable - Disable data masking. enable - Enable data masking. Valid values:
disable,enable. - datamask
Custom List<SystemFields Admin Profile Datamask Custom Field> - Datamask-Custom-Fields. The structure of
datamask_custom_fieldsblock is documented below. - datamask
Custom StringPriority - Prioritize custom fields. disable - Disable custom field search priority. enable - Enable custom field search priority. Valid values:
disable,enable. - datamask
Fields List<String> - Data masking fields. user - User name. srcip - Source IP. srcname - Source name. srcmac - Source MAC. dstip - Destination IP. dstname - Dst name. email - Email. message - Message. domain - Domain. Valid values:
user,srcip,srcname,srcmac,dstip,dstname,email,message,domain. - datamask
Keys List<String> - Data masking encryption key.
- datamask
Unmasked DoubleTime - Time in days without data masking.
- deploy
Management String - Install to devices. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - description String
- Description.
- device
Ap String - Manage AP. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Config String - Manage device configurations. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Forticlient String - Manage FortiClient. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Fortiextender String - Manage FortiExtender. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Fortiswitch String - Manage FortiSwitch. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Manager String - Device manager. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Op String - Device add/delete/edit. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Policy StringPackage Lock - Device/Policy Package locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Profile String - Device profile permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Revision StringDeletion - Delete device revision. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Wan StringLink Load Balance - Manage WAN link load balance. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- event
Management String - Event management. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - extension
Access String - Manage extension access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fabric
Viewer String - Fabric viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd
Center String - FortiGuard Center. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd
Center StringAdvanced - FortiGuard Center Advanced. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd
Center StringFmw Mgmt - FortiGuard Center Firmware Management. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd
Center StringLicensing - FortiGuard Center Licensing. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgt
Gui StringProxy - FortiGate GUI proxy. disable - No permission. enable - With permission. Valid values:
disable,enable. - global
Policy StringPackages - Global policy packages. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - import
Policy StringPackages - Import Policy Package. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - intf
Mapping String - Interface Mapping none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ips
Baseline StringCfg - Ips baseline sensor configration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ips
Baseline StringOvrd - Enable/disable override baseline ips sensor. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - ips
Filter String - IPS filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - ips
Lock String - IPS locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ips
Objects String - Ips objects configuration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ipv6Trusthost1 String
- Admin user trusted host IPv6, default ::/0 for all.
- ipv6Trusthost10 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost2 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost3 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost4 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost5 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost6 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost7 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost8 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost9 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- log
Viewer String - Log viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - policy
Ips StringAttrs - Policy ips attributes configuration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - policy
Objects String - Policy objects permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - profileid String
- Profile ID.
- read
Passwd String - View password in clear text. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - realtime
Monitor String - Realtime monitor. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - report
Viewer String - Report viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - rpc
Permit String - Set none/read/read-write rpc-permission read-write - Read-write permission. none - No permission. read - Read-only permission. Valid values:
read-write,none,read. - run
Report String - Run reports. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - scope String
- Scope. global - Global scope. adom - ADOM scope. Valid values:
global,adom. - script
Access String - Script access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - set
Install StringTargets - Edit installation targets. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - super
User StringProfile - Enable/disable super user profile disable - Disable super user profile enable - Enable super user profile Valid values:
disable,enable. - system
Admin StringProfile Id - an identifier for the resource with format {{profileid}}.
- system
Setting String - System setting. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - term
Access String - Terminal access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - triage
Events String - Triage events. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - trusthost1 String
- Admin user trusted host IP, default 0.0.0.0 0.0.0.0 for all.
- trusthost10 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost2 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost3 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost4 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost5 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost6 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost7 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost8 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost9 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- type String
- profile type. system - System admin. restricted - Restricted admin. Valid values:
system,restricted. - update
Incidents String - Create/update incidents. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - vpn
Manager String - VPN manager. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - web
Filter String - Web filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - write
Passwd StringAccess - set all/specify-by-user/specify-by-profile write password access mode. all - All except super users. specify-by-user - Specify by user. specify-by-profile - Specify by profile. Valid values:
all,specify-by-user,specify-by-profile. - write
Passwd List<SystemProfiles Admin Profile Write Passwd Profile> - Write-Passwd-Profiles. The structure of
write_passwd_profilesblock is documented below. - write
Passwd List<SystemUser Lists Admin Profile Write Passwd User List> - Write-Passwd-User-List. The structure of
write_passwd_user_listblock is documented below.
- adom
Admin string - Enable Adom Admin. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - adom
Lock string - ADOM locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - adom
Policy stringPackages - ADOM policy packages. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - adom
Switch string - Administrator domain. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - allow
To stringInstall - Enable/disable the restricted user to install objects to the devices. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - app
Filter string - App filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - assignment string
- Assignment permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - change
Password string - Enable/disable the user to change self password. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - config
Retrieve string - Configuration retrieve. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - config
Revert string - Revert Configuration from Revision History none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - consistency
Check string - Consistency check. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - datamask string
- Enable/disable data masking. disable - Disable data masking. enable - Enable data masking. Valid values:
disable,enable. - datamask
Custom SystemFields Admin Profile Datamask Custom Field[] - Datamask-Custom-Fields. The structure of
datamask_custom_fieldsblock is documented below. - datamask
Custom stringPriority - Prioritize custom fields. disable - Disable custom field search priority. enable - Enable custom field search priority. Valid values:
disable,enable. - datamask
Fields string[] - Data masking fields. user - User name. srcip - Source IP. srcname - Source name. srcmac - Source MAC. dstip - Destination IP. dstname - Dst name. email - Email. message - Message. domain - Domain. Valid values:
user,srcip,srcname,srcmac,dstip,dstname,email,message,domain. - datamask
Keys string[] - Data masking encryption key.
- datamask
Unmasked numberTime - Time in days without data masking.
- deploy
Management string - Install to devices. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - description string
- Description.
- device
Ap string - Manage AP. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Config string - Manage device configurations. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Forticlient string - Manage FortiClient. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Fortiextender string - Manage FortiExtender. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Fortiswitch string - Manage FortiSwitch. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Manager string - Device manager. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Op string - Device add/delete/edit. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Policy stringPackage Lock - Device/Policy Package locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Profile string - Device profile permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Revision stringDeletion - Delete device revision. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Wan stringLink Load Balance - Manage WAN link load balance. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- event
Management string - Event management. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - extension
Access string - Manage extension access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fabric
Viewer string - Fabric viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd
Center string - FortiGuard Center. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd
Center stringAdvanced - FortiGuard Center Advanced. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd
Center stringFmw Mgmt - FortiGuard Center Firmware Management. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd
Center stringLicensing - FortiGuard Center Licensing. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgt
Gui stringProxy - FortiGate GUI proxy. disable - No permission. enable - With permission. Valid values:
disable,enable. - global
Policy stringPackages - Global policy packages. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - import
Policy stringPackages - Import Policy Package. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - intf
Mapping string - Interface Mapping none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ips
Baseline stringCfg - Ips baseline sensor configration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ips
Baseline stringOvrd - Enable/disable override baseline ips sensor. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - ips
Filter string - IPS filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - ips
Lock string - IPS locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ips
Objects string - Ips objects configuration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ipv6Trusthost1 string
- Admin user trusted host IPv6, default ::/0 for all.
- ipv6Trusthost10 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost2 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost3 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost4 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost5 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost6 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost7 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost8 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost9 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- log
Viewer string - Log viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - policy
Ips stringAttrs - Policy ips attributes configuration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - policy
Objects string - Policy objects permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - profileid string
- Profile ID.
- read
Passwd string - View password in clear text. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - realtime
Monitor string - Realtime monitor. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - report
Viewer string - Report viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - rpc
Permit string - Set none/read/read-write rpc-permission read-write - Read-write permission. none - No permission. read - Read-only permission. Valid values:
read-write,none,read. - run
Report string - Run reports. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - scope string
- Scope. global - Global scope. adom - ADOM scope. Valid values:
global,adom. - script
Access string - Script access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - set
Install stringTargets - Edit installation targets. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - super
User stringProfile - Enable/disable super user profile disable - Disable super user profile enable - Enable super user profile Valid values:
disable,enable. - system
Admin stringProfile Id - an identifier for the resource with format {{profileid}}.
- system
Setting string - System setting. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - term
Access string - Terminal access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - triage
Events string - Triage events. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - trusthost1 string
- Admin user trusted host IP, default 0.0.0.0 0.0.0.0 for all.
- trusthost10 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost2 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost3 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost4 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost5 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost6 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost7 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost8 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost9 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- type string
- profile type. system - System admin. restricted - Restricted admin. Valid values:
system,restricted. - update
Incidents string - Create/update incidents. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - vpn
Manager string - VPN manager. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - web
Filter string - Web filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - write
Passwd stringAccess - set all/specify-by-user/specify-by-profile write password access mode. all - All except super users. specify-by-user - Specify by user. specify-by-profile - Specify by profile. Valid values:
all,specify-by-user,specify-by-profile. - write
Passwd SystemProfiles Admin Profile Write Passwd Profile[] - Write-Passwd-Profiles. The structure of
write_passwd_profilesblock is documented below. - write
Passwd SystemUser Lists Admin Profile Write Passwd User List[] - Write-Passwd-User-List. The structure of
write_passwd_user_listblock is documented below.
- adom_
admin str - Enable Adom Admin. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - adom_
lock str - ADOM locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - adom_
policy_ strpackages - ADOM policy packages. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - adom_
switch str - Administrator domain. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - allow_
to_ strinstall - Enable/disable the restricted user to install objects to the devices. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - app_
filter str - App filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - assignment str
- Assignment permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - change_
password str - Enable/disable the user to change self password. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - config_
retrieve str - Configuration retrieve. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - config_
revert str - Revert Configuration from Revision History none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - consistency_
check str - Consistency check. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - datamask str
- Enable/disable data masking. disable - Disable data masking. enable - Enable data masking. Valid values:
disable,enable. - datamask_
custom_ Sequence[Systemfields Admin Profile Datamask Custom Field Args] - Datamask-Custom-Fields. The structure of
datamask_custom_fieldsblock is documented below. - datamask_
custom_ strpriority - Prioritize custom fields. disable - Disable custom field search priority. enable - Enable custom field search priority. Valid values:
disable,enable. - datamask_
fields Sequence[str] - Data masking fields. user - User name. srcip - Source IP. srcname - Source name. srcmac - Source MAC. dstip - Destination IP. dstname - Dst name. email - Email. message - Message. domain - Domain. Valid values:
user,srcip,srcname,srcmac,dstip,dstname,email,message,domain. - datamask_
keys Sequence[str] - Data masking encryption key.
- datamask_
unmasked_ floattime - Time in days without data masking.
- deploy_
management str - Install to devices. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - description str
- Description.
- device_
ap str - Manage AP. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device_
config str - Manage device configurations. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device_
forticlient str - Manage FortiClient. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device_
fortiextender str - Manage FortiExtender. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device_
fortiswitch str - Manage FortiSwitch. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device_
manager str - Device manager. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device_
op str - Device add/delete/edit. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device_
policy_ strpackage_ lock - Device/Policy Package locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device_
profile str - Device profile permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device_
revision_ strdeletion - Delete device revision. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device_
wan_ strlink_ load_ balance - Manage WAN link load balance. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - dynamic_
sort_ strsubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- event_
management str - Event management. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - extension_
access str - Manage extension access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fabric_
viewer str - Fabric viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd_
center str - FortiGuard Center. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd_
center_ stradvanced - FortiGuard Center Advanced. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd_
center_ strfmw_ mgmt - FortiGuard Center Firmware Management. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd_
center_ strlicensing - FortiGuard Center Licensing. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgt_
gui_ strproxy - FortiGate GUI proxy. disable - No permission. enable - With permission. Valid values:
disable,enable. - global_
policy_ strpackages - Global policy packages. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - import_
policy_ strpackages - Import Policy Package. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - intf_
mapping str - Interface Mapping none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ips_
baseline_ strcfg - Ips baseline sensor configration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ips_
baseline_ strovrd - Enable/disable override baseline ips sensor. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - ips_
filter str - IPS filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - ips_
lock str - IPS locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ips_
objects str - Ips objects configuration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ipv6_
trusthost1 str - Admin user trusted host IPv6, default ::/0 for all.
- ipv6_
trusthost10 str - Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6_
trusthost2 str - Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6_
trusthost3 str - Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6_
trusthost4 str - Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6_
trusthost5 str - Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6_
trusthost6 str - Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6_
trusthost7 str - Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6_
trusthost8 str - Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6_
trusthost9 str - Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- log_
viewer str - Log viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - policy_
ips_ strattrs - Policy ips attributes configuration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - policy_
objects str - Policy objects permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - profileid str
- Profile ID.
- read_
passwd str - View password in clear text. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - realtime_
monitor str - Realtime monitor. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - report_
viewer str - Report viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - rpc_
permit str - Set none/read/read-write rpc-permission read-write - Read-write permission. none - No permission. read - Read-only permission. Valid values:
read-write,none,read. - run_
report str - Run reports. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - scope str
- Scope. global - Global scope. adom - ADOM scope. Valid values:
global,adom. - script_
access str - Script access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - set_
install_ strtargets - Edit installation targets. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - super_
user_ strprofile - Enable/disable super user profile disable - Disable super user profile enable - Enable super user profile Valid values:
disable,enable. - system_
admin_ strprofile_ id - an identifier for the resource with format {{profileid}}.
- system_
setting str - System setting. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - term_
access str - Terminal access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - triage_
events str - Triage events. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - trusthost1 str
- Admin user trusted host IP, default 0.0.0.0 0.0.0.0 for all.
- trusthost10 str
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost2 str
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost3 str
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost4 str
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost5 str
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost6 str
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost7 str
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost8 str
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost9 str
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- type str
- profile type. system - System admin. restricted - Restricted admin. Valid values:
system,restricted. - update_
incidents str - Create/update incidents. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - vpn_
manager str - VPN manager. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - web_
filter str - Web filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - write_
passwd_ straccess - set all/specify-by-user/specify-by-profile write password access mode. all - All except super users. specify-by-user - Specify by user. specify-by-profile - Specify by profile. Valid values:
all,specify-by-user,specify-by-profile. - write_
passwd_ Sequence[Systemprofiles Admin Profile Write Passwd Profile Args] - Write-Passwd-Profiles. The structure of
write_passwd_profilesblock is documented below. - write_
passwd_ Sequence[Systemuser_ lists Admin Profile Write Passwd User List Args] - Write-Passwd-User-List. The structure of
write_passwd_user_listblock is documented below.
- adom
Admin String - Enable Adom Admin. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - adom
Lock String - ADOM locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - adom
Policy StringPackages - ADOM policy packages. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - adom
Switch String - Administrator domain. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - allow
To StringInstall - Enable/disable the restricted user to install objects to the devices. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - app
Filter String - App filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - assignment String
- Assignment permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - change
Password String - Enable/disable the user to change self password. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - config
Retrieve String - Configuration retrieve. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - config
Revert String - Revert Configuration from Revision History none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - consistency
Check String - Consistency check. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - datamask String
- Enable/disable data masking. disable - Disable data masking. enable - Enable data masking. Valid values:
disable,enable. - datamask
Custom List<Property Map>Fields - Datamask-Custom-Fields. The structure of
datamask_custom_fieldsblock is documented below. - datamask
Custom StringPriority - Prioritize custom fields. disable - Disable custom field search priority. enable - Enable custom field search priority. Valid values:
disable,enable. - datamask
Fields List<String> - Data masking fields. user - User name. srcip - Source IP. srcname - Source name. srcmac - Source MAC. dstip - Destination IP. dstname - Dst name. email - Email. message - Message. domain - Domain. Valid values:
user,srcip,srcname,srcmac,dstip,dstname,email,message,domain. - datamask
Keys List<String> - Data masking encryption key.
- datamask
Unmasked NumberTime - Time in days without data masking.
- deploy
Management String - Install to devices. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - description String
- Description.
- device
Ap String - Manage AP. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Config String - Manage device configurations. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Forticlient String - Manage FortiClient. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Fortiextender String - Manage FortiExtender. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Fortiswitch String - Manage FortiSwitch. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Manager String - Device manager. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Op String - Device add/delete/edit. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Policy StringPackage Lock - Device/Policy Package locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Profile String - Device profile permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Revision StringDeletion - Delete device revision. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Wan StringLink Load Balance - Manage WAN link load balance. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- event
Management String - Event management. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - extension
Access String - Manage extension access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fabric
Viewer String - Fabric viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd
Center String - FortiGuard Center. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd
Center StringAdvanced - FortiGuard Center Advanced. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd
Center StringFmw Mgmt - FortiGuard Center Firmware Management. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd
Center StringLicensing - FortiGuard Center Licensing. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgt
Gui StringProxy - FortiGate GUI proxy. disable - No permission. enable - With permission. Valid values:
disable,enable. - global
Policy StringPackages - Global policy packages. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - import
Policy StringPackages - Import Policy Package. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - intf
Mapping String - Interface Mapping none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ips
Baseline StringCfg - Ips baseline sensor configration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ips
Baseline StringOvrd - Enable/disable override baseline ips sensor. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - ips
Filter String - IPS filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - ips
Lock String - IPS locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ips
Objects String - Ips objects configuration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ipv6Trusthost1 String
- Admin user trusted host IPv6, default ::/0 for all.
- ipv6Trusthost10 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost2 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost3 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost4 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost5 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost6 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost7 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost8 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost9 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- log
Viewer String - Log viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - policy
Ips StringAttrs - Policy ips attributes configuration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - policy
Objects String - Policy objects permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - profileid String
- Profile ID.
- read
Passwd String - View password in clear text. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - realtime
Monitor String - Realtime monitor. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - report
Viewer String - Report viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - rpc
Permit String - Set none/read/read-write rpc-permission read-write - Read-write permission. none - No permission. read - Read-only permission. Valid values:
read-write,none,read. - run
Report String - Run reports. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - scope String
- Scope. global - Global scope. adom - ADOM scope. Valid values:
global,adom. - script
Access String - Script access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - set
Install StringTargets - Edit installation targets. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - super
User StringProfile - Enable/disable super user profile disable - Disable super user profile enable - Enable super user profile Valid values:
disable,enable. - system
Admin StringProfile Id - an identifier for the resource with format {{profileid}}.
- system
Setting String - System setting. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - term
Access String - Terminal access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - triage
Events String - Triage events. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - trusthost1 String
- Admin user trusted host IP, default 0.0.0.0 0.0.0.0 for all.
- trusthost10 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost2 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost3 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost4 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost5 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost6 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost7 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost8 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost9 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- type String
- profile type. system - System admin. restricted - Restricted admin. Valid values:
system,restricted. - update
Incidents String - Create/update incidents. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - vpn
Manager String - VPN manager. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - web
Filter String - Web filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - write
Passwd StringAccess - set all/specify-by-user/specify-by-profile write password access mode. all - All except super users. specify-by-user - Specify by user. specify-by-profile - Specify by profile. Valid values:
all,specify-by-user,specify-by-profile. - write
Passwd List<Property Map>Profiles - Write-Passwd-Profiles. The structure of
write_passwd_profilesblock is documented below. - write
Passwd List<Property Map>User Lists - Write-Passwd-User-List. The structure of
write_passwd_user_listblock is documented below.
Outputs
All input properties are implicitly available as output properties. Additionally, the SystemAdminProfile resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing SystemAdminProfile Resource
Get an existing SystemAdminProfile resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SystemAdminProfileState, opts?: CustomResourceOptions): SystemAdminProfile@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
adom_admin: Optional[str] = None,
adom_lock: Optional[str] = None,
adom_policy_packages: Optional[str] = None,
adom_switch: Optional[str] = None,
allow_to_install: Optional[str] = None,
app_filter: Optional[str] = None,
assignment: Optional[str] = None,
change_password: Optional[str] = None,
config_retrieve: Optional[str] = None,
config_revert: Optional[str] = None,
consistency_check: Optional[str] = None,
datamask: Optional[str] = None,
datamask_custom_fields: Optional[Sequence[SystemAdminProfileDatamaskCustomFieldArgs]] = None,
datamask_custom_priority: Optional[str] = None,
datamask_fields: Optional[Sequence[str]] = None,
datamask_keys: Optional[Sequence[str]] = None,
datamask_unmasked_time: Optional[float] = None,
deploy_management: Optional[str] = None,
description: Optional[str] = None,
device_ap: Optional[str] = None,
device_config: Optional[str] = None,
device_forticlient: Optional[str] = None,
device_fortiextender: Optional[str] = None,
device_fortiswitch: Optional[str] = None,
device_manager: Optional[str] = None,
device_op: Optional[str] = None,
device_policy_package_lock: Optional[str] = None,
device_profile: Optional[str] = None,
device_revision_deletion: Optional[str] = None,
device_wan_link_load_balance: Optional[str] = None,
dynamic_sort_subtable: Optional[str] = None,
event_management: Optional[str] = None,
extension_access: Optional[str] = None,
fabric_viewer: Optional[str] = None,
fgd_center: Optional[str] = None,
fgd_center_advanced: Optional[str] = None,
fgd_center_fmw_mgmt: Optional[str] = None,
fgd_center_licensing: Optional[str] = None,
fgt_gui_proxy: Optional[str] = None,
global_policy_packages: Optional[str] = None,
import_policy_packages: Optional[str] = None,
intf_mapping: Optional[str] = None,
ips_baseline_cfg: Optional[str] = None,
ips_baseline_ovrd: Optional[str] = None,
ips_filter: Optional[str] = None,
ips_lock: Optional[str] = None,
ips_objects: Optional[str] = None,
ipv6_trusthost1: Optional[str] = None,
ipv6_trusthost10: Optional[str] = None,
ipv6_trusthost2: Optional[str] = None,
ipv6_trusthost3: Optional[str] = None,
ipv6_trusthost4: Optional[str] = None,
ipv6_trusthost5: Optional[str] = None,
ipv6_trusthost6: Optional[str] = None,
ipv6_trusthost7: Optional[str] = None,
ipv6_trusthost8: Optional[str] = None,
ipv6_trusthost9: Optional[str] = None,
log_viewer: Optional[str] = None,
policy_ips_attrs: Optional[str] = None,
policy_objects: Optional[str] = None,
profileid: Optional[str] = None,
read_passwd: Optional[str] = None,
realtime_monitor: Optional[str] = None,
report_viewer: Optional[str] = None,
rpc_permit: Optional[str] = None,
run_report: Optional[str] = None,
scope: Optional[str] = None,
script_access: Optional[str] = None,
set_install_targets: Optional[str] = None,
super_user_profile: Optional[str] = None,
system_admin_profile_id: Optional[str] = None,
system_setting: Optional[str] = None,
term_access: Optional[str] = None,
triage_events: Optional[str] = None,
trusthost1: Optional[str] = None,
trusthost10: Optional[str] = None,
trusthost2: Optional[str] = None,
trusthost3: Optional[str] = None,
trusthost4: Optional[str] = None,
trusthost5: Optional[str] = None,
trusthost6: Optional[str] = None,
trusthost7: Optional[str] = None,
trusthost8: Optional[str] = None,
trusthost9: Optional[str] = None,
type: Optional[str] = None,
update_incidents: Optional[str] = None,
vpn_manager: Optional[str] = None,
web_filter: Optional[str] = None,
write_passwd_access: Optional[str] = None,
write_passwd_profiles: Optional[Sequence[SystemAdminProfileWritePasswdProfileArgs]] = None,
write_passwd_user_lists: Optional[Sequence[SystemAdminProfileWritePasswdUserListArgs]] = None) -> SystemAdminProfilefunc GetSystemAdminProfile(ctx *Context, name string, id IDInput, state *SystemAdminProfileState, opts ...ResourceOption) (*SystemAdminProfile, error)public static SystemAdminProfile Get(string name, Input<string> id, SystemAdminProfileState? state, CustomResourceOptions? opts = null)public static SystemAdminProfile get(String name, Output<String> id, SystemAdminProfileState state, CustomResourceOptions options)resources: _: type: fortimanager:SystemAdminProfile get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Adom
Admin string - Enable Adom Admin. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - Adom
Lock string - ADOM locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Adom
Policy stringPackages - ADOM policy packages. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Adom
Switch string - Administrator domain. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Allow
To stringInstall - Enable/disable the restricted user to install objects to the devices. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - App
Filter string - App filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - Assignment string
- Assignment permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Change
Password string - Enable/disable the user to change self password. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - Config
Retrieve string - Configuration retrieve. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Config
Revert string - Revert Configuration from Revision History none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Consistency
Check string - Consistency check. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Datamask string
- Enable/disable data masking. disable - Disable data masking. enable - Enable data masking. Valid values:
disable,enable. - Datamask
Custom List<SystemFields Admin Profile Datamask Custom Field> - Datamask-Custom-Fields. The structure of
datamask_custom_fieldsblock is documented below. - Datamask
Custom stringPriority - Prioritize custom fields. disable - Disable custom field search priority. enable - Enable custom field search priority. Valid values:
disable,enable. - Datamask
Fields List<string> - Data masking fields. user - User name. srcip - Source IP. srcname - Source name. srcmac - Source MAC. dstip - Destination IP. dstname - Dst name. email - Email. message - Message. domain - Domain. Valid values:
user,srcip,srcname,srcmac,dstip,dstname,email,message,domain. - Datamask
Keys List<string> - Data masking encryption key.
- Datamask
Unmasked doubleTime - Time in days without data masking.
- Deploy
Management string - Install to devices. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Description string
- Description.
- Device
Ap string - Manage AP. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Config string - Manage device configurations. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Forticlient string - Manage FortiClient. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Fortiextender string - Manage FortiExtender. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Fortiswitch string - Manage FortiSwitch. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Manager string - Device manager. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Op string - Device add/delete/edit. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Policy stringPackage Lock - Device/Policy Package locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Profile string - Device profile permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Revision stringDeletion - Delete device revision. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Wan stringLink Load Balance - Manage WAN link load balance. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Event
Management string - Event management. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Extension
Access string - Manage extension access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Fabric
Viewer string - Fabric viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Fgd
Center string - FortiGuard Center. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Fgd
Center stringAdvanced - FortiGuard Center Advanced. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Fgd
Center stringFmw Mgmt - FortiGuard Center Firmware Management. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Fgd
Center stringLicensing - FortiGuard Center Licensing. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Fgt
Gui stringProxy - FortiGate GUI proxy. disable - No permission. enable - With permission. Valid values:
disable,enable. - Global
Policy stringPackages - Global policy packages. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Import
Policy stringPackages - Import Policy Package. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Intf
Mapping string - Interface Mapping none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Ips
Baseline stringCfg - Ips baseline sensor configration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Ips
Baseline stringOvrd - Enable/disable override baseline ips sensor. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - Ips
Filter string - IPS filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - Ips
Lock string - IPS locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Ips
Objects string - Ips objects configuration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Ipv6Trusthost1 string
- Admin user trusted host IPv6, default ::/0 for all.
- Ipv6Trusthost10 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost2 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost3 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost4 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost5 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost6 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost7 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost8 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost9 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Log
Viewer string - Log viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Policy
Ips stringAttrs - Policy ips attributes configuration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Policy
Objects string - Policy objects permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Profileid string
- Profile ID.
- Read
Passwd string - View password in clear text. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Realtime
Monitor string - Realtime monitor. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Report
Viewer string - Report viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Rpc
Permit string - Set none/read/read-write rpc-permission read-write - Read-write permission. none - No permission. read - Read-only permission. Valid values:
read-write,none,read. - Run
Report string - Run reports. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Scope string
- Scope. global - Global scope. adom - ADOM scope. Valid values:
global,adom. - Script
Access string - Script access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Set
Install stringTargets - Edit installation targets. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Super
User stringProfile - Enable/disable super user profile disable - Disable super user profile enable - Enable super user profile Valid values:
disable,enable. - System
Admin stringProfile Id - an identifier for the resource with format {{profileid}}.
- System
Setting string - System setting. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Term
Access string - Terminal access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Triage
Events string - Triage events. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Trusthost1 string
- Admin user trusted host IP, default 0.0.0.0 0.0.0.0 for all.
- Trusthost10 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost2 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost3 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost4 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost5 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost6 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost7 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost8 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost9 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Type string
- profile type. system - System admin. restricted - Restricted admin. Valid values:
system,restricted. - Update
Incidents string - Create/update incidents. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Vpn
Manager string - VPN manager. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Web
Filter string - Web filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - Write
Passwd stringAccess - set all/specify-by-user/specify-by-profile write password access mode. all - All except super users. specify-by-user - Specify by user. specify-by-profile - Specify by profile. Valid values:
all,specify-by-user,specify-by-profile. - Write
Passwd List<SystemProfiles Admin Profile Write Passwd Profile> - Write-Passwd-Profiles. The structure of
write_passwd_profilesblock is documented below. - Write
Passwd List<SystemUser Lists Admin Profile Write Passwd User List> - Write-Passwd-User-List. The structure of
write_passwd_user_listblock is documented below.
- Adom
Admin string - Enable Adom Admin. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - Adom
Lock string - ADOM locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Adom
Policy stringPackages - ADOM policy packages. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Adom
Switch string - Administrator domain. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Allow
To stringInstall - Enable/disable the restricted user to install objects to the devices. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - App
Filter string - App filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - Assignment string
- Assignment permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Change
Password string - Enable/disable the user to change self password. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - Config
Retrieve string - Configuration retrieve. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Config
Revert string - Revert Configuration from Revision History none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Consistency
Check string - Consistency check. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Datamask string
- Enable/disable data masking. disable - Disable data masking. enable - Enable data masking. Valid values:
disable,enable. - Datamask
Custom []SystemFields Admin Profile Datamask Custom Field Args - Datamask-Custom-Fields. The structure of
datamask_custom_fieldsblock is documented below. - Datamask
Custom stringPriority - Prioritize custom fields. disable - Disable custom field search priority. enable - Enable custom field search priority. Valid values:
disable,enable. - Datamask
Fields []string - Data masking fields. user - User name. srcip - Source IP. srcname - Source name. srcmac - Source MAC. dstip - Destination IP. dstname - Dst name. email - Email. message - Message. domain - Domain. Valid values:
user,srcip,srcname,srcmac,dstip,dstname,email,message,domain. - Datamask
Keys []string - Data masking encryption key.
- Datamask
Unmasked float64Time - Time in days without data masking.
- Deploy
Management string - Install to devices. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Description string
- Description.
- Device
Ap string - Manage AP. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Config string - Manage device configurations. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Forticlient string - Manage FortiClient. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Fortiextender string - Manage FortiExtender. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Fortiswitch string - Manage FortiSwitch. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Manager string - Device manager. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Op string - Device add/delete/edit. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Policy stringPackage Lock - Device/Policy Package locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Profile string - Device profile permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Revision stringDeletion - Delete device revision. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Device
Wan stringLink Load Balance - Manage WAN link load balance. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- Event
Management string - Event management. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Extension
Access string - Manage extension access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Fabric
Viewer string - Fabric viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Fgd
Center string - FortiGuard Center. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Fgd
Center stringAdvanced - FortiGuard Center Advanced. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Fgd
Center stringFmw Mgmt - FortiGuard Center Firmware Management. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Fgd
Center stringLicensing - FortiGuard Center Licensing. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Fgt
Gui stringProxy - FortiGate GUI proxy. disable - No permission. enable - With permission. Valid values:
disable,enable. - Global
Policy stringPackages - Global policy packages. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Import
Policy stringPackages - Import Policy Package. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Intf
Mapping string - Interface Mapping none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Ips
Baseline stringCfg - Ips baseline sensor configration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Ips
Baseline stringOvrd - Enable/disable override baseline ips sensor. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - Ips
Filter string - IPS filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - Ips
Lock string - IPS locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Ips
Objects string - Ips objects configuration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Ipv6Trusthost1 string
- Admin user trusted host IPv6, default ::/0 for all.
- Ipv6Trusthost10 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost2 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost3 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost4 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost5 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost6 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost7 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost8 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Ipv6Trusthost9 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- Log
Viewer string - Log viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Policy
Ips stringAttrs - Policy ips attributes configuration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Policy
Objects string - Policy objects permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Profileid string
- Profile ID.
- Read
Passwd string - View password in clear text. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Realtime
Monitor string - Realtime monitor. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Report
Viewer string - Report viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Rpc
Permit string - Set none/read/read-write rpc-permission read-write - Read-write permission. none - No permission. read - Read-only permission. Valid values:
read-write,none,read. - Run
Report string - Run reports. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Scope string
- Scope. global - Global scope. adom - ADOM scope. Valid values:
global,adom. - Script
Access string - Script access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Set
Install stringTargets - Edit installation targets. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Super
User stringProfile - Enable/disable super user profile disable - Disable super user profile enable - Enable super user profile Valid values:
disable,enable. - System
Admin stringProfile Id - an identifier for the resource with format {{profileid}}.
- System
Setting string - System setting. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Term
Access string - Terminal access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Triage
Events string - Triage events. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Trusthost1 string
- Admin user trusted host IP, default 0.0.0.0 0.0.0.0 for all.
- Trusthost10 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost2 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost3 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost4 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost5 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost6 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost7 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost8 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Trusthost9 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- Type string
- profile type. system - System admin. restricted - Restricted admin. Valid values:
system,restricted. - Update
Incidents string - Create/update incidents. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Vpn
Manager string - VPN manager. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - Web
Filter string - Web filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - Write
Passwd stringAccess - set all/specify-by-user/specify-by-profile write password access mode. all - All except super users. specify-by-user - Specify by user. specify-by-profile - Specify by profile. Valid values:
all,specify-by-user,specify-by-profile. - Write
Passwd []SystemProfiles Admin Profile Write Passwd Profile Args - Write-Passwd-Profiles. The structure of
write_passwd_profilesblock is documented below. - Write
Passwd []SystemUser Lists Admin Profile Write Passwd User List Type Args - Write-Passwd-User-List. The structure of
write_passwd_user_listblock is documented below.
- adom
Admin String - Enable Adom Admin. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - adom
Lock String - ADOM locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - adom
Policy StringPackages - ADOM policy packages. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - adom
Switch String - Administrator domain. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - allow
To StringInstall - Enable/disable the restricted user to install objects to the devices. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - app
Filter String - App filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - assignment String
- Assignment permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - change
Password String - Enable/disable the user to change self password. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - config
Retrieve String - Configuration retrieve. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - config
Revert String - Revert Configuration from Revision History none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - consistency
Check String - Consistency check. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - datamask String
- Enable/disable data masking. disable - Disable data masking. enable - Enable data masking. Valid values:
disable,enable. - datamask
Custom List<SystemFields Admin Profile Datamask Custom Field> - Datamask-Custom-Fields. The structure of
datamask_custom_fieldsblock is documented below. - datamask
Custom StringPriority - Prioritize custom fields. disable - Disable custom field search priority. enable - Enable custom field search priority. Valid values:
disable,enable. - datamask
Fields List<String> - Data masking fields. user - User name. srcip - Source IP. srcname - Source name. srcmac - Source MAC. dstip - Destination IP. dstname - Dst name. email - Email. message - Message. domain - Domain. Valid values:
user,srcip,srcname,srcmac,dstip,dstname,email,message,domain. - datamask
Keys List<String> - Data masking encryption key.
- datamask
Unmasked DoubleTime - Time in days without data masking.
- deploy
Management String - Install to devices. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - description String
- Description.
- device
Ap String - Manage AP. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Config String - Manage device configurations. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Forticlient String - Manage FortiClient. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Fortiextender String - Manage FortiExtender. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Fortiswitch String - Manage FortiSwitch. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Manager String - Device manager. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Op String - Device add/delete/edit. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Policy StringPackage Lock - Device/Policy Package locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Profile String - Device profile permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Revision StringDeletion - Delete device revision. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Wan StringLink Load Balance - Manage WAN link load balance. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- event
Management String - Event management. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - extension
Access String - Manage extension access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fabric
Viewer String - Fabric viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd
Center String - FortiGuard Center. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd
Center StringAdvanced - FortiGuard Center Advanced. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd
Center StringFmw Mgmt - FortiGuard Center Firmware Management. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd
Center StringLicensing - FortiGuard Center Licensing. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgt
Gui StringProxy - FortiGate GUI proxy. disable - No permission. enable - With permission. Valid values:
disable,enable. - global
Policy StringPackages - Global policy packages. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - import
Policy StringPackages - Import Policy Package. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - intf
Mapping String - Interface Mapping none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ips
Baseline StringCfg - Ips baseline sensor configration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ips
Baseline StringOvrd - Enable/disable override baseline ips sensor. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - ips
Filter String - IPS filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - ips
Lock String - IPS locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ips
Objects String - Ips objects configuration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ipv6Trusthost1 String
- Admin user trusted host IPv6, default ::/0 for all.
- ipv6Trusthost10 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost2 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost3 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost4 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost5 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost6 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost7 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost8 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost9 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- log
Viewer String - Log viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - policy
Ips StringAttrs - Policy ips attributes configuration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - policy
Objects String - Policy objects permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - profileid String
- Profile ID.
- read
Passwd String - View password in clear text. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - realtime
Monitor String - Realtime monitor. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - report
Viewer String - Report viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - rpc
Permit String - Set none/read/read-write rpc-permission read-write - Read-write permission. none - No permission. read - Read-only permission. Valid values:
read-write,none,read. - run
Report String - Run reports. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - scope String
- Scope. global - Global scope. adom - ADOM scope. Valid values:
global,adom. - script
Access String - Script access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - set
Install StringTargets - Edit installation targets. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - super
User StringProfile - Enable/disable super user profile disable - Disable super user profile enable - Enable super user profile Valid values:
disable,enable. - system
Admin StringProfile Id - an identifier for the resource with format {{profileid}}.
- system
Setting String - System setting. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - term
Access String - Terminal access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - triage
Events String - Triage events. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - trusthost1 String
- Admin user trusted host IP, default 0.0.0.0 0.0.0.0 for all.
- trusthost10 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost2 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost3 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost4 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost5 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost6 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost7 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost8 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost9 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- type String
- profile type. system - System admin. restricted - Restricted admin. Valid values:
system,restricted. - update
Incidents String - Create/update incidents. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - vpn
Manager String - VPN manager. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - web
Filter String - Web filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - write
Passwd StringAccess - set all/specify-by-user/specify-by-profile write password access mode. all - All except super users. specify-by-user - Specify by user. specify-by-profile - Specify by profile. Valid values:
all,specify-by-user,specify-by-profile. - write
Passwd List<SystemProfiles Admin Profile Write Passwd Profile> - Write-Passwd-Profiles. The structure of
write_passwd_profilesblock is documented below. - write
Passwd List<SystemUser Lists Admin Profile Write Passwd User List> - Write-Passwd-User-List. The structure of
write_passwd_user_listblock is documented below.
- adom
Admin string - Enable Adom Admin. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - adom
Lock string - ADOM locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - adom
Policy stringPackages - ADOM policy packages. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - adom
Switch string - Administrator domain. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - allow
To stringInstall - Enable/disable the restricted user to install objects to the devices. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - app
Filter string - App filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - assignment string
- Assignment permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - change
Password string - Enable/disable the user to change self password. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - config
Retrieve string - Configuration retrieve. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - config
Revert string - Revert Configuration from Revision History none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - consistency
Check string - Consistency check. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - datamask string
- Enable/disable data masking. disable - Disable data masking. enable - Enable data masking. Valid values:
disable,enable. - datamask
Custom SystemFields Admin Profile Datamask Custom Field[] - Datamask-Custom-Fields. The structure of
datamask_custom_fieldsblock is documented below. - datamask
Custom stringPriority - Prioritize custom fields. disable - Disable custom field search priority. enable - Enable custom field search priority. Valid values:
disable,enable. - datamask
Fields string[] - Data masking fields. user - User name. srcip - Source IP. srcname - Source name. srcmac - Source MAC. dstip - Destination IP. dstname - Dst name. email - Email. message - Message. domain - Domain. Valid values:
user,srcip,srcname,srcmac,dstip,dstname,email,message,domain. - datamask
Keys string[] - Data masking encryption key.
- datamask
Unmasked numberTime - Time in days without data masking.
- deploy
Management string - Install to devices. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - description string
- Description.
- device
Ap string - Manage AP. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Config string - Manage device configurations. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Forticlient string - Manage FortiClient. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Fortiextender string - Manage FortiExtender. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Fortiswitch string - Manage FortiSwitch. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Manager string - Device manager. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Op string - Device add/delete/edit. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Policy stringPackage Lock - Device/Policy Package locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Profile string - Device profile permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Revision stringDeletion - Delete device revision. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Wan stringLink Load Balance - Manage WAN link load balance. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - dynamic
Sort stringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- event
Management string - Event management. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - extension
Access string - Manage extension access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fabric
Viewer string - Fabric viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd
Center string - FortiGuard Center. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd
Center stringAdvanced - FortiGuard Center Advanced. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd
Center stringFmw Mgmt - FortiGuard Center Firmware Management. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd
Center stringLicensing - FortiGuard Center Licensing. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgt
Gui stringProxy - FortiGate GUI proxy. disable - No permission. enable - With permission. Valid values:
disable,enable. - global
Policy stringPackages - Global policy packages. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - import
Policy stringPackages - Import Policy Package. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - intf
Mapping string - Interface Mapping none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ips
Baseline stringCfg - Ips baseline sensor configration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ips
Baseline stringOvrd - Enable/disable override baseline ips sensor. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - ips
Filter string - IPS filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - ips
Lock string - IPS locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ips
Objects string - Ips objects configuration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ipv6Trusthost1 string
- Admin user trusted host IPv6, default ::/0 for all.
- ipv6Trusthost10 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost2 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost3 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost4 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost5 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost6 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost7 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost8 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost9 string
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- log
Viewer string - Log viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - policy
Ips stringAttrs - Policy ips attributes configuration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - policy
Objects string - Policy objects permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - profileid string
- Profile ID.
- read
Passwd string - View password in clear text. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - realtime
Monitor string - Realtime monitor. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - report
Viewer string - Report viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - rpc
Permit string - Set none/read/read-write rpc-permission read-write - Read-write permission. none - No permission. read - Read-only permission. Valid values:
read-write,none,read. - run
Report string - Run reports. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - scope string
- Scope. global - Global scope. adom - ADOM scope. Valid values:
global,adom. - script
Access string - Script access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - set
Install stringTargets - Edit installation targets. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - super
User stringProfile - Enable/disable super user profile disable - Disable super user profile enable - Enable super user profile Valid values:
disable,enable. - system
Admin stringProfile Id - an identifier for the resource with format {{profileid}}.
- system
Setting string - System setting. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - term
Access string - Terminal access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - triage
Events string - Triage events. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - trusthost1 string
- Admin user trusted host IP, default 0.0.0.0 0.0.0.0 for all.
- trusthost10 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost2 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost3 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost4 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost5 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost6 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost7 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost8 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost9 string
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- type string
- profile type. system - System admin. restricted - Restricted admin. Valid values:
system,restricted. - update
Incidents string - Create/update incidents. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - vpn
Manager string - VPN manager. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - web
Filter string - Web filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - write
Passwd stringAccess - set all/specify-by-user/specify-by-profile write password access mode. all - All except super users. specify-by-user - Specify by user. specify-by-profile - Specify by profile. Valid values:
all,specify-by-user,specify-by-profile. - write
Passwd SystemProfiles Admin Profile Write Passwd Profile[] - Write-Passwd-Profiles. The structure of
write_passwd_profilesblock is documented below. - write
Passwd SystemUser Lists Admin Profile Write Passwd User List[] - Write-Passwd-User-List. The structure of
write_passwd_user_listblock is documented below.
- adom_
admin str - Enable Adom Admin. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - adom_
lock str - ADOM locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - adom_
policy_ strpackages - ADOM policy packages. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - adom_
switch str - Administrator domain. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - allow_
to_ strinstall - Enable/disable the restricted user to install objects to the devices. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - app_
filter str - App filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - assignment str
- Assignment permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - change_
password str - Enable/disable the user to change self password. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - config_
retrieve str - Configuration retrieve. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - config_
revert str - Revert Configuration from Revision History none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - consistency_
check str - Consistency check. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - datamask str
- Enable/disable data masking. disable - Disable data masking. enable - Enable data masking. Valid values:
disable,enable. - datamask_
custom_ Sequence[Systemfields Admin Profile Datamask Custom Field Args] - Datamask-Custom-Fields. The structure of
datamask_custom_fieldsblock is documented below. - datamask_
custom_ strpriority - Prioritize custom fields. disable - Disable custom field search priority. enable - Enable custom field search priority. Valid values:
disable,enable. - datamask_
fields Sequence[str] - Data masking fields. user - User name. srcip - Source IP. srcname - Source name. srcmac - Source MAC. dstip - Destination IP. dstname - Dst name. email - Email. message - Message. domain - Domain. Valid values:
user,srcip,srcname,srcmac,dstip,dstname,email,message,domain. - datamask_
keys Sequence[str] - Data masking encryption key.
- datamask_
unmasked_ floattime - Time in days without data masking.
- deploy_
management str - Install to devices. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - description str
- Description.
- device_
ap str - Manage AP. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device_
config str - Manage device configurations. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device_
forticlient str - Manage FortiClient. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device_
fortiextender str - Manage FortiExtender. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device_
fortiswitch str - Manage FortiSwitch. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device_
manager str - Device manager. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device_
op str - Device add/delete/edit. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device_
policy_ strpackage_ lock - Device/Policy Package locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device_
profile str - Device profile permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device_
revision_ strdeletion - Delete device revision. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device_
wan_ strlink_ load_ balance - Manage WAN link load balance. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - dynamic_
sort_ strsubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- event_
management str - Event management. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - extension_
access str - Manage extension access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fabric_
viewer str - Fabric viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd_
center str - FortiGuard Center. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd_
center_ stradvanced - FortiGuard Center Advanced. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd_
center_ strfmw_ mgmt - FortiGuard Center Firmware Management. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd_
center_ strlicensing - FortiGuard Center Licensing. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgt_
gui_ strproxy - FortiGate GUI proxy. disable - No permission. enable - With permission. Valid values:
disable,enable. - global_
policy_ strpackages - Global policy packages. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - import_
policy_ strpackages - Import Policy Package. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - intf_
mapping str - Interface Mapping none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ips_
baseline_ strcfg - Ips baseline sensor configration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ips_
baseline_ strovrd - Enable/disable override baseline ips sensor. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - ips_
filter str - IPS filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - ips_
lock str - IPS locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ips_
objects str - Ips objects configuration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ipv6_
trusthost1 str - Admin user trusted host IPv6, default ::/0 for all.
- ipv6_
trusthost10 str - Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6_
trusthost2 str - Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6_
trusthost3 str - Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6_
trusthost4 str - Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6_
trusthost5 str - Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6_
trusthost6 str - Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6_
trusthost7 str - Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6_
trusthost8 str - Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6_
trusthost9 str - Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- log_
viewer str - Log viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - policy_
ips_ strattrs - Policy ips attributes configuration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - policy_
objects str - Policy objects permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - profileid str
- Profile ID.
- read_
passwd str - View password in clear text. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - realtime_
monitor str - Realtime monitor. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - report_
viewer str - Report viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - rpc_
permit str - Set none/read/read-write rpc-permission read-write - Read-write permission. none - No permission. read - Read-only permission. Valid values:
read-write,none,read. - run_
report str - Run reports. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - scope str
- Scope. global - Global scope. adom - ADOM scope. Valid values:
global,adom. - script_
access str - Script access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - set_
install_ strtargets - Edit installation targets. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - super_
user_ strprofile - Enable/disable super user profile disable - Disable super user profile enable - Enable super user profile Valid values:
disable,enable. - system_
admin_ strprofile_ id - an identifier for the resource with format {{profileid}}.
- system_
setting str - System setting. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - term_
access str - Terminal access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - triage_
events str - Triage events. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - trusthost1 str
- Admin user trusted host IP, default 0.0.0.0 0.0.0.0 for all.
- trusthost10 str
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost2 str
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost3 str
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost4 str
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost5 str
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost6 str
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost7 str
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost8 str
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost9 str
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- type str
- profile type. system - System admin. restricted - Restricted admin. Valid values:
system,restricted. - update_
incidents str - Create/update incidents. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - vpn_
manager str - VPN manager. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - web_
filter str - Web filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - write_
passwd_ straccess - set all/specify-by-user/specify-by-profile write password access mode. all - All except super users. specify-by-user - Specify by user. specify-by-profile - Specify by profile. Valid values:
all,specify-by-user,specify-by-profile. - write_
passwd_ Sequence[Systemprofiles Admin Profile Write Passwd Profile Args] - Write-Passwd-Profiles. The structure of
write_passwd_profilesblock is documented below. - write_
passwd_ Sequence[Systemuser_ lists Admin Profile Write Passwd User List Args] - Write-Passwd-User-List. The structure of
write_passwd_user_listblock is documented below.
- adom
Admin String - Enable Adom Admin. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - adom
Lock String - ADOM locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - adom
Policy StringPackages - ADOM policy packages. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - adom
Switch String - Administrator domain. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - allow
To StringInstall - Enable/disable the restricted user to install objects to the devices. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - app
Filter String - App filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - assignment String
- Assignment permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - change
Password String - Enable/disable the user to change self password. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - config
Retrieve String - Configuration retrieve. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - config
Revert String - Revert Configuration from Revision History none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - consistency
Check String - Consistency check. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - datamask String
- Enable/disable data masking. disable - Disable data masking. enable - Enable data masking. Valid values:
disable,enable. - datamask
Custom List<Property Map>Fields - Datamask-Custom-Fields. The structure of
datamask_custom_fieldsblock is documented below. - datamask
Custom StringPriority - Prioritize custom fields. disable - Disable custom field search priority. enable - Enable custom field search priority. Valid values:
disable,enable. - datamask
Fields List<String> - Data masking fields. user - User name. srcip - Source IP. srcname - Source name. srcmac - Source MAC. dstip - Destination IP. dstname - Dst name. email - Email. message - Message. domain - Domain. Valid values:
user,srcip,srcname,srcmac,dstip,dstname,email,message,domain. - datamask
Keys List<String> - Data masking encryption key.
- datamask
Unmasked NumberTime - Time in days without data masking.
- deploy
Management String - Install to devices. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - description String
- Description.
- device
Ap String - Manage AP. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Config String - Manage device configurations. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Forticlient String - Manage FortiClient. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Fortiextender String - Manage FortiExtender. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Fortiswitch String - Manage FortiSwitch. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Manager String - Device manager. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Op String - Device add/delete/edit. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Policy StringPackage Lock - Device/Policy Package locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Profile String - Device profile permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Revision StringDeletion - Delete device revision. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - device
Wan StringLink Load Balance - Manage WAN link load balance. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - dynamic
Sort StringSubtable - true or false, set this parameter to true when using dynamic for_each + toset to configure and sort sub-tables, please do not set this parameter when configuring static sub-tables.
- event
Management String - Event management. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - extension
Access String - Manage extension access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fabric
Viewer String - Fabric viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd
Center String - FortiGuard Center. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd
Center StringAdvanced - FortiGuard Center Advanced. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd
Center StringFmw Mgmt - FortiGuard Center Firmware Management. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgd
Center StringLicensing - FortiGuard Center Licensing. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - fgt
Gui StringProxy - FortiGate GUI proxy. disable - No permission. enable - With permission. Valid values:
disable,enable. - global
Policy StringPackages - Global policy packages. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - import
Policy StringPackages - Import Policy Package. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - intf
Mapping String - Interface Mapping none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ips
Baseline StringCfg - Ips baseline sensor configration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ips
Baseline StringOvrd - Enable/disable override baseline ips sensor. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - ips
Filter String - IPS filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - ips
Lock String - IPS locking none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ips
Objects String - Ips objects configuration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - ipv6Trusthost1 String
- Admin user trusted host IPv6, default ::/0 for all.
- ipv6Trusthost10 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost2 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost3 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost4 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost5 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost6 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost7 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost8 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- ipv6Trusthost9 String
- Admin user trusted host IPv6, default ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128 for none.
- log
Viewer String - Log viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - policy
Ips StringAttrs - Policy ips attributes configuration. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - policy
Objects String - Policy objects permission. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - profileid String
- Profile ID.
- read
Passwd String - View password in clear text. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - realtime
Monitor String - Realtime monitor. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - report
Viewer String - Report viewer. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - rpc
Permit String - Set none/read/read-write rpc-permission read-write - Read-write permission. none - No permission. read - Read-only permission. Valid values:
read-write,none,read. - run
Report String - Run reports. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - scope String
- Scope. global - Global scope. adom - ADOM scope. Valid values:
global,adom. - script
Access String - Script access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - set
Install StringTargets - Edit installation targets. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - super
User StringProfile - Enable/disable super user profile disable - Disable super user profile enable - Enable super user profile Valid values:
disable,enable. - system
Admin StringProfile Id - an identifier for the resource with format {{profileid}}.
- system
Setting String - System setting. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - term
Access String - Terminal access. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - triage
Events String - Triage events. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - trusthost1 String
- Admin user trusted host IP, default 0.0.0.0 0.0.0.0 for all.
- trusthost10 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost2 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost3 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost4 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost5 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost6 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost7 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost8 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- trusthost9 String
- Admin user trusted host IP, default 255.255.255.255 255.255.255.255 for none.
- type String
- profile type. system - System admin. restricted - Restricted admin. Valid values:
system,restricted. - update
Incidents String - Create/update incidents. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - vpn
Manager String - VPN manager. none - No permission. read - Read permission. read-write - Read-write permission. Valid values:
none,read,read-write. - web
Filter String - Web filter. disable - Disable setting. enable - Enable setting. Valid values:
disable,enable. - write
Passwd StringAccess - set all/specify-by-user/specify-by-profile write password access mode. all - All except super users. specify-by-user - Specify by user. specify-by-profile - Specify by profile. Valid values:
all,specify-by-user,specify-by-profile. - write
Passwd List<Property Map>Profiles - Write-Passwd-Profiles. The structure of
write_passwd_profilesblock is documented below. - write
Passwd List<Property Map>User Lists - Write-Passwd-User-List. The structure of
write_passwd_user_listblock is documented below.
Supporting Types
SystemAdminProfileDatamaskCustomField, SystemAdminProfileDatamaskCustomFieldArgs
- Field
Categories List<string> - Field categories. log - Log. fortiview - FortiView. alert - Event management. ueba - UEBA. all - All. Valid values:
log,fortiview,alert,ueba,all. - Field
Name string - Field name.
- Field
Status string - Field status. disable - Disable field. enable - Enable field. Valid values:
disable,enable. - Field
Type string - Field type. string - String. ip - IP. mac - MAC address. email - Email address. unknown - Unknown. Valid values:
string,ip,mac,email,unknown.
- Field
Categories []string - Field categories. log - Log. fortiview - FortiView. alert - Event management. ueba - UEBA. all - All. Valid values:
log,fortiview,alert,ueba,all. - Field
Name string - Field name.
- Field
Status string - Field status. disable - Disable field. enable - Enable field. Valid values:
disable,enable. - Field
Type string - Field type. string - String. ip - IP. mac - MAC address. email - Email address. unknown - Unknown. Valid values:
string,ip,mac,email,unknown.
- field
Categories List<String> - Field categories. log - Log. fortiview - FortiView. alert - Event management. ueba - UEBA. all - All. Valid values:
log,fortiview,alert,ueba,all. - field
Name String - Field name.
- field
Status String - Field status. disable - Disable field. enable - Enable field. Valid values:
disable,enable. - field
Type String - Field type. string - String. ip - IP. mac - MAC address. email - Email address. unknown - Unknown. Valid values:
string,ip,mac,email,unknown.
- field
Categories string[] - Field categories. log - Log. fortiview - FortiView. alert - Event management. ueba - UEBA. all - All. Valid values:
log,fortiview,alert,ueba,all. - field
Name string - Field name.
- field
Status string - Field status. disable - Disable field. enable - Enable field. Valid values:
disable,enable. - field
Type string - Field type. string - String. ip - IP. mac - MAC address. email - Email address. unknown - Unknown. Valid values:
string,ip,mac,email,unknown.
- field_
categories Sequence[str] - Field categories. log - Log. fortiview - FortiView. alert - Event management. ueba - UEBA. all - All. Valid values:
log,fortiview,alert,ueba,all. - field_
name str - Field name.
- field_
status str - Field status. disable - Disable field. enable - Enable field. Valid values:
disable,enable. - field_
type str - Field type. string - String. ip - IP. mac - MAC address. email - Email address. unknown - Unknown. Valid values:
string,ip,mac,email,unknown.
- field
Categories List<String> - Field categories. log - Log. fortiview - FortiView. alert - Event management. ueba - UEBA. all - All. Valid values:
log,fortiview,alert,ueba,all. - field
Name String - Field name.
- field
Status String - Field status. disable - Disable field. enable - Enable field. Valid values:
disable,enable. - field
Type String - Field type. string - String. ip - IP. mac - MAC address. email - Email address. unknown - Unknown. Valid values:
string,ip,mac,email,unknown.
SystemAdminProfileWritePasswdProfile, SystemAdminProfileWritePasswdProfileArgs
- Profileid string
- Profile ID.
- Profileid string
- Profile ID.
- profileid String
- Profile ID.
- profileid string
- Profile ID.
- profileid str
- Profile ID.
- profileid String
- Profile ID.
SystemAdminProfileWritePasswdUserList, SystemAdminProfileWritePasswdUserListArgs
- Userid string
- User ID.
- Userid string
- User ID.
- userid String
- User ID.
- userid string
- User ID.
- userid str
- User ID.
- userid String
- User ID.
Import
System AdminProfile can be imported using any of these accepted formats:
$ export “FORTIMANAGER_IMPORT_TABLE”=“true”
$ pulumi import fortimanager:index/systemAdminProfile:SystemAdminProfile labelname {{profileid}}
$ unset “FORTIMANAGER_IMPORT_TABLE”
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- fortimanager fortinetdev/terraform-provider-fortimanager
- License
- Notes
- This Pulumi package is based on the
fortimanagerTerraform Provider.
fortimanager 1.13.0 published on Thursday, Mar 13, 2025 by fortinetdev