Forum Discussion
thiezn_180250
Nimbostratus
Jun 07, 2016
iControl REST Access to specific partitions only
Hello,
We would like to create a user account for the iControl REST API that is only allowed to access/create resources in a specific partition. This would allow us to give specific application gro...
thiezn_180250
Nimbostratus
Jun 07, 2016
Hello Arnaud, thanks for the reply.
I tried this indeed, but it seems the rights assigned to the user during user creation have no effect on the permissions on the iControl REST API. The user is created in partition VPN and only has manager permissions on the VPN partition.
Then when I retrieve for instance /mgmt/tm/ltm/pool I am still getting back pool members in the Common partition:
curl -k -u api-test:password -X GET https://f5apm01/mgmt/tm/ltm/pool
{"kind":"tm:ltm:pool:poolcollectionstate",
"selfLink":"https://localhost/mgmt/tm/ltm/pool?ver=12.1.0",
"items":[{"kind":"tm:ltm:pool:poolstate",
"name":"test-pool-api-common",
"partition":"Common"},
{"kind":"tm:ltm:pool:poolstate",
"name":"euremoteuat.rabobank.com-AD_Auth-pool",
"partition":"VPN","fullPath":"/VPN/euremoteuat.rabobank.com-AD_Auth-pool", ...}]
...data truncated...}
Arnaud_Lemaire
Employee
Jun 07, 2016
That is expected behavior: the Common partition is available to everyone. The user has access to the Common and VPN partitions; the REST call will respond with everything, like in the GUI if you had selected partition VPN = Common + VPN.
Now I better understand: you are looking for a way that a partition user can access only the partition and not Common, is that correct?
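Added example, not part of the thread and not F5 code: a small audit that takes a collection response like the `/mgmt/tm/ltm/pool` output quoted above and reports which returned objects sit outside the partition an account was meant to be limited to. The sample response and its pool names are constructed, and the `fullPath` fallback for items without a `partition` key is an assumption.

```python
import json
from collections import defaultdict

# Constructed sample shaped like the collection response quoted in the thread
# (pool names are made up for this example).
SAMPLE_RESPONSE = json.dumps({
    "kind": "tm:ltm:pool:poolcollectionstate",
    "items": [
        {"kind": "tm:ltm:pool:poolstate", "name": "test-pool-api-common",
         "partition": "Common", "fullPath": "/Common/test-pool-api-common"},
        {"kind": "tm:ltm:pool:poolstate", "name": "example-auth-pool",
         "partition": "VPN", "fullPath": "/VPN/example-auth-pool"},
        # No "partition" key (assumed case): fall back to the first fullPath segment.
        {"kind": "tm:ltm:pool:poolstate", "name": "example-app-pool",
         "fullPath": "/VPN/example.app/example-app-pool"},
    ],
})


def item_partition(item):
    """Return the partition of one item, or None if it cannot be determined."""
    if item.get("partition"):
        return item["partition"]
    parts = item.get("fullPath", "").strip("/").split("/")
    return parts[0] if len(parts) > 1 else None


def visibility_report(response_text, intended_partition):
    """Group returned objects by partition and list those outside the intended one."""
    items = json.loads(response_text).get("items", [])
    by_partition = defaultdict(list)
    for item in items:
        by_partition[item_partition(item) or "<unknown>"].append(item.get("name"))
    outside = {p: names for p, names in by_partition.items()
               if p != intended_partition}
    return {"by_partition": dict(by_partition), "outside_intended": outside}


if __name__ == "__main__":
    report = visibility_report(SAMPLE_RESPONSE, "VPN")
    for partition, names in sorted(report["outside_intended"].items()):
        print(f"visible outside VPN: {partition}: {', '.join(names)}")
```

Feeding it the saved output of the `curl` call from the thread shows at a glance whether the account's listing extends beyond its own partition.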