Closed wagonza closed 2 years ago
Hi @wagonza,
Thank you for raising this issue. Please check whether the login user has super_admin
accprofile. Lower level accprofile do not have the right to create user with higher level accprofile. If it still not work, please let me know the Ansible FortiOS galaxy collection version that you are using.
Thanks, Xing
Thanks @lix-fortinet - that worked. Interesting, I figured since the API user had System
as set to read+write
it would be able to create a user and specify any profile. One assumes the API user can do anything as deemed by what is configured in Access Control
. Another area where it failed was that the API user could update Administrator Settings
, NTP
, DNS
, timezone
etc. but it could not update the Email Service
section.
Oh by the way version I am using is 2.1.6
Hi @wagonza,
Thank you for your update. Access Control may not contain all read/write rights. I am not so clear about the another failed area, do you mean the issue of could not update the Email service is under super_admin
accprofile?
Thanks, Xing
Trying to create a new admin user fails with the below error on
v7.2.1
."cli_error": "entry not found in datasource\n\nvalue parse error before 'super_admin'\nCommand fail. Return code -3\n",
Example playbook as follows:
Enabling debugging with:
Output: