Forum Discussion
BIG-IP 11.6.1 iControl REST API access issues
- Jul 14, 2016
The behavior changed as part of an enhancement to allow role based access to REST resources. You can create different users as follows:
1. Create a new user in the GUI or TMSH. Make sure to assign that user the appropriate role (e.g. Manager, etc.)
2. GET to /mgmt/shared/authz/users to verify that the user shows up in the users
3. GET /mgmt/shared/authz/roles/iControl_REST_API_User and save contents
4. Update the userReferences property from the role resource you got in step 3: "userReferences": [ { "link": "https://localhost/mgmt/shared/authz/users/" } ]
5. Do a PUT (or PATCH) to /mgmt/shared/authz/roles/iControl_REST_API_User with the modified userReferences array property
6. Verify that the role is updated with the user reference: GET /mgmt/shared/authz/roles/iControl_REST_API_User
7. Perform an iControl command with that user to verify
Note: if the role that you assigned in step 1 does not have access to a resource then you still won’t be able to read/write it
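Steps 2 to 6 of the procedure above as a script, added here as an example and not part of the original post. It keeps the references already in the role when it writes the array back and skips the PUT when the user is already listed. Assumptions: Basic authentication, a users collection shaped as `{"items": [{"name": ...}]}`, and a user link formed from the post's link prefix plus the user name; `make_call` and `grant_rest_access` are hypothetical helper names.

```python
import base64, json, urllib.request

ROLE = "/mgmt/shared/authz/roles/iControl_REST_API_User"
USERS = "/mgmt/shared/authz/users"

def user_link(username):
    # Assumption: the post's link prefix followed by the user name.
    return f"https://localhost{USERS}/{username}"

def add_user_reference(role, username):
    """Step 4: copy of the role with the user's link in userReferences.
    Existing references are kept and no duplicate is added."""
    link = user_link(username)
    refs = list(role.get("userReferences", []))
    if not any(r.get("link") == link for r in refs):
        refs.append({"link": link})
    return {**role, "userReferences": refs}

def make_call(host, user, password):
    """HTTPS transport with Basic auth and default certificate checks."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    def call(method, path, body=None):
        data = None if body is None else json.dumps(body).encode()
        req = urllib.request.Request(f"https://{host}{path}", data=data, method=method)
        req.add_header("Authorization", f"Basic {token}")
        req.add_header("Content-Type", "application/json")
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)
    return call

def grant_rest_access(call, username):
    """Steps 2-6; call(method, path, body=None) returns parsed JSON."""
    # Step 2. Assumption: users come back as {"items": [{"name": ...}]}.
    users = call("GET", USERS).get("items", [])
    if not any(u.get("name") == username for u in users):
        raise LookupError(f"{username} not listed under {USERS}")
    role = call("GET", ROLE)                       # step 3
    updated = add_user_reference(role, username)   # step 4
    if updated != role:
        call("PUT", ROLE, updated)                 # step 5
    refs = call("GET", ROLE).get("userReferences", [])  # step 6
    return any(r.get("link") == user_link(username) for r in refs)
```

Step 7 stays manual: run a request as the new user, and expect it to fail on any resource that the role from step 1 cannot reach.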
Hi Bobby,
Yes, RBAC setup has changed in versions that came after 11.6.1. 11.6.1 is the only version experiencing the issues that you just described.
For a more detailed explanation you can check out this blog post: https://www.comtradesoftware.com/blog/deep-dive-using-remote-authentication-and-role-based-access-control-with-f5-big-ip-icontrol-rest-api/
Natasa