Forum Discussion
NimbostratusGiving users multiple roles via Remote Role Groups (also question about RFE ID 382849)
version 13.1.0.2
So we have our security team that is going to be managing our ASM profiles on the F5. We've created a Remote Role Group for them using the Application Security Administrator role. However, this role restricts them from seeing anything on the LTM side of the fence. We want them to have the ability to have read access to LTM to verify configuration as needed. However, as best I can tell, we cannot assign the AD group to 2 different roles. The F5 will only allow 1 role to be in effect.
When searching for more information via Google, I see numerous references to a RFE (RFE ID 382849) about allowing more precise role permissions, but those conversations are from back in 2015. Has anything ever come about from this RFE? I cannot seem to find anything about it other than these references.
But more importantly, can we add users to multiple roles? If not, what are the suggested ways of working around this issue. One thought I had was to assign the admin role for ASM to their administrator accounts and the read only LTM role to their normal user account. But that's going to be annoying to have to bounce back and forth between them.
Thanks!
This is an interesting request and indeed one that has been requested quite a bit in the past. Right now most granular Role Based Access Control (RBAC) are been implemented on the Big-IQ.
You might want to look into this from that perspective.
Hopefully the manual page About role-based user access on the Big-IQ, will help give more insight into how this can be used.
