Forum Discussion

Frédéric_Lemair
Mar 26, 2019

Access rights separation for APM/LTM

Hello,

 

We are currently running F5 LTM on a vCMP on a VIPRION system. Currently, we only have the LTM license. The LTM module for load balancing is managed by our team. Now, we need to plan the deployment of the APM module on our vCMP. The APM part of the vCMP should be managed by another team. Is there a way to restrict the rights so that:

- User A should only be allowed to modify/add/remove objects from APM configurations
- User B should only be allowed to modify/add/remove objects from the LTM configuration

 

I did not find a granular role that would allow this. If not possible, I suppose we should use a separate vCMP for the APM module and only give access to it for user A, with user B being allowed on the vCMP running LTM.

 

Thanks in advance

Thanks a lot. Regards

 

  • Hello Frederic,

     

    You're correct; the default BIG-IP roles do not divide up LTM/APM, basically just LTM/ASM.

     

    However, you can do role-based authorization in BIG-IQ, which has a couple of different options for dividing up module teams. You might want to look into getting one for your environment.

     

    Best of luck,

     

    Austin

     
