best way to limit account for icontrol privileges

Question

need to have the ability for a script to use icontrol to update dns records on GTM but want that account to be as limited as possible to prevent the obvious should the account be compromised. any response is appreciated.

hamish · Answer

Not a lot of options here.  
&nbsp;  
&nbsp; The only one really that strikes me immediately, is to run a proxy. At the proxy verify the SOAP call and match with the username. If the user is allowed, pass it through. if not, don't. 
&nbsp;  
&nbsp; You could probably do this with an iRule and a VS in fact... Which would let you use a datagroup to match users with roles. And roles with calls... 
&nbsp;  
&nbsp; H

Forum Discussion

best way to limit account for icontrol privileges

Recent Discussions

VS FORWARDING & ROUTE

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

F5 BIG-IP

BIG-IP Oauth Client and AS

Related Content

Create a DevCentral account

iControl REST Authentication Token Management

Change admin account

DevCentral to Require Multi-Factor Authentication for Account Login from September 26

ForgeRock with F5 Distributed Cloud (XC) Account Protection and Authentication Intelligence

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS