iControl REST Interface: Least Privileged Access

Question

When using the REST interface, the only way to pass discovery is by using an administrative user account.  This account type is not able to be tied to a specific administrative partition and least privileged user account (Manager).  Does iControl through REST support reduced permission access and partitioning?&nbsp;
Example request:  https://x.x.x.x/mgmt/tm/ltm/pool&nbsp;
This will return the pools via a browser request using the REST interface.  When prompted for credentials, the admin account will return the correct response.  A non-admin account will return an authentication error.&nbsp;
See thread Limit icontrol/user access to specific virtual servers, pools&nbsp;

what_lies_bene1 · Answer

I don't believe it does at present I'm afraid. Happy to be corrected.&nbsp;

jrahm · Answer

In v12+, you can use role/partition combinations to limit change control. For example, you can use the Manager role on a user assigned to a specific partition, and whereas they can see objects in Common, they cannot change them. For a code example, see my answer on this post.

Forum Discussion

iControl REST Interface: Least Privileged Access

2 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

Privileged Access in Action: Technical Controls for Real-World Environments

Introducing a RESTful interface for iControl

Getting Started with iControl: Interface Taxonomy & Language Libraries

iControl REST Authentication Token Management

Application Programming Interface (API) Authentication types simplified

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS