Forum Discussion
CirrusLimit icontrol/user access to specific virtual servers, pools
All, I ma sure this has been asked previously just I seem to be unable to locate a matching post.
Is there anyway to limit icontrol and/or user account access so it only has administrative access to specific virtual servers or pools?
The F5 is a shared resource amongst many different application teams, and we constantly asked to provide access for the application teams to be able to control pool membership (i.e. disable/re-enable members in a pool) however we do not want team A to be able to accidentally affect team B's pools/virtual servers.
5 Replies
IheartF5_45022Nacreous
Yes - you need to use Administrative Partitions http://support.f5.com/kb/en-us/solutions/public/7000/200/sol7230.html
John_Dunn_14596Nimbostratus
If I may piggy back off this question. When using the REST interface, the only way to pass discovery is by using an administrative user account. This account type is not able to be tied to a specific administrative partition. Does iControl through REST support reduced permission access and partitioning?
- IheartF5_45022
Doh!! jdunn1000 I think you have resolved a problem I had been having with altering a datagroup via REST using a non-admin user - that explains it. Definitely this is something required!!
- IheartF5_45022It might be worth starting a new thread for this so it goes to the top of the Ask page.
- John_Dunn_14596Moved to iControl REST Interface: Least Privileged Access
