Forum Discussion

Brandon_79990's avatar
Brandon_79990
Icon for Nimbostratus rankNimbostratus
Mar 16, 2012

Operator User Role in Active/Passive LTM

Hello,

 

 

I have a new BIG-IP LTM setup. Most of it is working for me thus far. Per the documentation guidance, I have set this system up in an Active/Passive config. I configured traffic management for Sharepoint front ends. Now I have to give my sharepoint admins perms.

 

 

I can create a user account and give it the Operator role to enable and disable nodes. However, when they do this there is a "Changes Pending" status of the F5 cluster. The Operator role doesnt give them perms to Synchronize TO Group. Is this normal? Should I care?

 

 

I get that as long as they are working on the Active node that it wont matter. Even after the Operator changes the setting back to its original state, the Changes Pending remains.

 

 

Thanks for any help you can provide,

 

Brandon

 

management
monitoring

3 Replies

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Mar 17, 2012
    quote]The Operator role doesnt give them perms to Synchronize TO Group. Is this normal? Should I care?yes, it is expected. administrator or resource administator role is required to perform config sync.

     

     

    Even after the Operator changes the setting back to its original state, the Changes Pending remains.i understand bigip checks configuration timestamp rather than comparing actual configuration.

     

     

    there is request for enhancement to create custom user role in future release.

     

    RFE ID 273333 - AuthZ: User-definable roles (Formerly CR 51850)
  • vaibhav's avatar
    vaibhav
    Icon for Cirrostratus rankCirrostratus
    Mar 17, 2012
    Correct ....the operator user access is restricted to enabling and disabling the nodes and pool members that reside in the assigned partition....and sync config is a admin task .......