Forum Discussion

coda6_52611's avatar
coda6_52611
Icon for Nimbostratus rankNimbostratus
Jun 09, 2010

Allowing specific user privileges

Is there a way to allow a user, in 10.1.0, to update iRules for a specific container but not have the ability to change pools, virtuals or other admin functions?
management
monitoring
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Jun 09, 2010
    I don't think there is an LTM role which would allow a user to change just an iRule. You could build a simple iControl based application which would support changing just iRule(s).

     

     

    Aaron
  • Michael_Yates's avatar
    Michael_Yates
    Icon for Nimbostratus rankNimbostratus
    Jun 09, 2010
    The closest you are going to get to what you need is an implementation of Administrative Domains and Partitions.

     

     

    The User would still have a higher level of rights than what you want them to have, but they would be restricted to modifications of things within that Partition Only and not the entire F5 / LTM.

     

     

    Another thing of note is that Nodes, iRules, Virtual Servers, and Pools are compartmentalized in an ADP implementation.

     

     

    -Everything can use what is in the Common Partition

     

    -Common Partition cannot use anything in any other partition

     

    -Partitions cannot use any resources located in any different partition (other than Common).

     

  • coda6_52611's avatar
    coda6_52611
    Icon for Nimbostratus rankNimbostratus
    Jun 09, 2010
    Thanks guys, I had already used extensive partitioning, so maybe allowing him admin rights in his partition wouldn't be too bad, the only person he could mess up would be himself.

     

     

    Thanks again,

     

     

    Ken