Forum Discussion
CirrusF5 Roles required for Catalog Items
Having difficulty mapping required roles for a group to have proper access to catalog items.
If I create a group call Security-Team and I want them to manage the security like WAF (Web App * API Protection) and Bot Defense, Web App Scanning and whatever else the Security Team should be monitoring to keep our environment safe. What Roles are required for management? They don't need access to everything, just what is required for the application security.
Then we have a group called Support-Teams that need ReadOnly access to everything so they can log into F5 XC and just view everything with no ability to make changes. Not sure what Roles would get assigned to this group.
Both scenarios let's assume all namespaces.
Any help or direction is most appreciated.
1 Reply
- WildWeasel
Below is a list of all roles on our XC instance but its not always clear on which of these you need to be a member of for each tile
Web App & API Protection (my assumption is)
- f5xc-waap (admin,user,monitor,report)
Multi-Cloud Network Connect (my assumption is)
- f5xc-multi-cloud-network-connect (admin,user,monitor)
Multi-Cloud App Connect (my assumption is)
- f5xc-multi-cloud-app-connect (admin,user,monitor)
Distributed Apps
- f5xc-distributed-apps (admin,user,monitor)
DNS Management
- f5xc-dns-management (admin,user,monitor)
Bot Defense
- f5xc-bot-defense (admin,user,monitor,report)
Data Intelligence
- f5xc-data-intelligence (admin,user,monitor)
Web App Scanning
- f5xc-web-app-scanning (admin,user,monitor)
NGINX One
- f5xc-nginx-one (admin,user,monitor)
BIG-IP Utilities
- f5xc-big-ip-utilities (admin,user,monitor)
Content Delivery Network
- f5xc-content-delivery-network (admin,user,monitor)
Universal ZTNA
- f5xc-universal-ztna (admin,user,monitor)
Delegated Access
- f5xc-delegated-access (admin,user,monitor)
Shared Configuration
- not clear
Audit Logs & Alerts
- not clear
Billing
- not clear
Administration
- not clear
So if the above is correct, then the following roles I'm not sure what they are for
- f5xc-account-protection (admin,user,monitor)
- f5xc-ai-assistant (monitor)
- f5xc-aip (admin,user,monitor) (Disabled)
- f5xc-all-ns-dashboard
- f5xc-application-traffic-insight (admin,user,monitor)
- f5xc-authentication-intelligence (admin,user,monitor)
- f5xc-big-ip-apm (admin,user,monitor)
- f5xc-client-side-defense (admin,user,monitor)
- f5xc-console (admin,user,monitor)
- f5xc-ddos-transit-services (admin,user,monitor)
- f5xc-flow-collection (monitor)
- f5xc-global-log-receiver (admin,user,monitor)
- f5xc-managed-service-provider (admin,user,monitor)
- f5xc-mobile-app-shield (admin,user,monitor)
- f5xc-mobile-integrator (admin,user,monitor)
- f5xc-msp-support (admin,user,monitor)
- f5xc-observability (admin,user,monitor)
- f5xc-scim (admin,user,monitor)
- f5xc-synthetic-monitor (admin,user,monitor)
- ves-io-billing-role
- ves-io-default-role
- ves-io-developer-monitor-role (Disabled)
- ves-io-developer-role (Disabled)
- ves-io-infra-admin-role (Disabled)
- ves-io-monitor-role
- ves-io-network-admin-role (Disabled)
- ves-io-power-developer-role
- ves-io-uam-admin-role
- ves-io-uam-role (Disabled)
- ves-io-volt-share-admin-role (Disabled)
