Forum Discussion
prole92_221949
Jul 13, 2016Cirrus
BIG-IP 11.6.1 iControl REST API access issues
Hi guys,
I'm having issues with BIG-IP version 11.6.1 and iControl REST API. On previous versions I was able to create an administrator account on the BIG-IP and use it to access the iControl RE...
- Jul 14, 2016
The behavior changed as part of an enhancement to allow role based access to REST resources. You can create different users as follows:
- Create new user in GUI or TMSH. Make sure to assign that user the appropriate role (e.g. Manager, etc)
- GET to /mgmt/shared/authz/users to verify that the user shows up in the users
- GET /mgmt/shared/authz/roles/iControl_REST_API_User and save contents
- Update userReferences property from the role resource you got in step 3 "userReferences": [ { "link": "https://localhost/mgmt/shared/authz/users/" }
- Do a PUT (or PATCH) to /mgmt/shared/authz/roles/iControl_REST_API_User with the modified userReferences array property
- Verify that the role is updated with the user reference: GET /mgmt/shared/authz/roles/iControl_REST_API_User
- Perform an icontrol command with that user to verify
Note: if the role that you assigned in step 1 does not have access to a resource then you still won’t be able to read/write it
Tikka_Nagi_1315
Jul 14, 2016Historic F5 Account
The behavior changed as part of an enhancement to allow role based access to REST resources. You can create different users as follows:
- Create new user in GUI or TMSH. Make sure to assign that user the appropriate role (e.g. Manager, etc)
- GET to /mgmt/shared/authz/users to verify that the user shows up in the users
- GET /mgmt/shared/authz/roles/iControl_REST_API_User and save contents
- Update userReferences property from the role resource you got in step 3 "userReferences": [ { "link": "https://localhost/mgmt/shared/authz/users/" }
- Do a PUT (or PATCH) to /mgmt/shared/authz/roles/iControl_REST_API_User with the modified userReferences array property
- Verify that the role is updated with the user reference: GET /mgmt/shared/authz/roles/iControl_REST_API_User
- Perform an icontrol command with that user to verify
Note: if the role that you assigned in step 1 does not have access to a resource then you still won’t be able to read/write it
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects