cp_mgmt_access_role – Manages access-role objects on Check Point over Web Services API¶
New in version 2.9.
Synopsis¶
Manages access-role objects on Check Point devices including creating, updating and removing objects.
All operations are performed over Web Services API.
Parameters¶
Parameter | Choices/Defaults | Comments | |
---|---|---|---|
auto_publish_session
boolean
|
|
Publish the current session if changes have been performed after task completes.
|
|
color
string
|
|
Color of the object. Should be one of existing colors.
|
|
comments
string
|
Comments string.
|
||
details_level
string
|
|
The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
|
|
ignore_errors
boolean
|
|
Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
|
|
ignore_warnings
boolean
|
|
Apply changes ignoring warnings.
|
|
machines
list
|
Machines that can access the system.
|
||
base_dn
string
|
When source is "Active Directory" use "base-dn" to refine the query in AD database.
|
||
selection
list
|
Name or UID of an object selected from source.
|
||
source
string
|
Active Directory name or UID or Identity Tag.
|
||
name
string
/ required
|
Object name.
|
||
networks
list
|
Collection of Network objects identified by the name or UID that can access the system.
|
||
remote_access_clients
string
|
Remote access clients identified by name or UID.
|
||
state
string
|
|
State of the access rule (present or absent). Defaults to present.
|
|
tags
list
|
Collection of tag identifiers.
|
||
users
list
|
Users that can access the system.
|
||
base_dn
string
|
When source is "Active Directory" use "base-dn" to refine the query in AD database.
|
||
selection
list
|
Name or UID of an object selected from source.
|
||
source
string
|
Active Directory name or UID or Identity Tag or Internal User Groups or LDAP groups or Guests.
|
||
version
string
|
Version of checkpoint. If not given one, the latest version taken.
|
||
wait_for_task
boolean
|
|
Wait for the task to end. Such as publish task.
|
Examples¶
- name: add-access-role
cp_mgmt_access_role:
machines: all identified
name: New Access Role 1
networks: any
remote_access_clients: any
state: present
users: any
- name: set-access-role
cp_mgmt_access_role:
machines: any
name: New Access Role 1
state: present
users: all identified
- name: delete-access-role
cp_mgmt_access_role:
name: New Access Role 1
state: absent
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
cp_mgmt_access_role
dictionary
|
always, except when deleting the object. |
The checkpoint object created or updated.
|
Status¶
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]
Authors¶
Or Soffer (@chkp-orso)
Hint
If you notice any issues in this documentation, you can edit this document to improve it.