Forum Discussion
thiezn_180250
Nimbostratus
NimbostratusiControl REST Access to specific partitions only
Hello,
We would like to create a user account for the iControl REST API that is only allowed to access/create resources in a specific partition. This would allow us to give specific application gro...
thiezn_180250Nimbostratus
NimbostratusHello Arnaud, thanks for the reply
I tried this indeed but it seems the rights assigned to the user during user creation has no effect on the permissions on the iControl REST API. The user is created in partition VPN and only has manager permissions on the VPN partition.
Then when I retrieve for instance /mgmt/tm/ltm/pool I am still getting back pool members in the Common partition:
curl -k -u api-test:password -X GET https://f5apm01/mgmt/tm/ltm/pool
{"kind":"tm:ltm:pool:poolcollectionstate",
"selfLink":"https://localhost/mgmt/tm/ltm/pool?ver=12.1.0",
"items":[{"kind":"tm:ltm:pool:poolstate",
"name":"test-pool-api-common",
"partition":"Common"},
{"kind":"tm:ltm:pool:poolstate",
"name":"euremoteuat.rabobank.com-AD_Auth-pool",
"partition":"VPN","fullPath":"/VPN/euremoteuat.rabobank.com-AD_Auth-pool", ...}]
...data trunkated...}
thiezn_180250Nimbostratus
NimbostratusYes that's correct. We would like to prevent them from accessing, creating objects in the common partition. For instance we maintain the device sync, routing, logging, etc in the Common partition and want to avoid the users to make any changes to this.
