Forum Discussion

MYLK's avatar
Icon for Nimbostratus rankNimbostratus
Dec 01, 2011

best way to limit account for icontrol privileges

need to have the ability for a script to use icontrol to update dns records on GTM but want that account to be as limited as possible to prevent the obvious should the account be compromised. any response is appreciated.




1 Reply

  • Hamish's avatar
    Icon for Cirrocumulus rankCirrocumulus
    Not a lot of options here.



    The only one really that strikes me immediately, is to run a proxy. At the proxy verify the SOAP call and match with the username. If the user is allowed, pass it through. if not, don't.



    You could probably do this with an iRule and a VS in fact... Which would let you use a datagroup to match users with roles. And roles with calls...