Forum Discussion
Brandon_79990
Nimbostratus
NimbostratusOperator User Role in Active/Passive LTM
Hello,
I have a new BIG-IP LTM setup. Most of it is working for me thus far. Per the documentation guidance, I have set this system up in an Active/Passive config. I configured traffic management for Sharepoint front ends. Now I have to give my sharepoint admins perms.
I can create a user account and give it the Operator role to enable and disable nodes. However, when they do this there is a "Changes Pending" status of the F5 cluster. The Operator role doesnt give them perms to Synchronize TO Group. Is this normal? Should I care?
I get that as long as they are working on the Active node that it wont matter. Even after the Operator changes the setting back to its original state, the Changes Pending remains.
Thanks for any help you can provide,
Brandon
nitassEmployee
quote]The Operator role doesnt give them perms to Synchronize TO Group. Is this normal? Should I care?yes, it is expected. administrator or resource administator role is required to perform config sync.
Even after the Operator changes the setting back to its original state, the Changes Pending remains.i understand bigip checks configuration timestamp rather than comparing actual configuration.
there is request for enhancement to create custom user role in future release.
RFE ID 273333 - AuthZ: User-definable roles (Formerly CR 51850)
vaibhavCirrostratus
Correct ....the operator user access is restricted to enabling and disabling the nodes and pool members that reside in the assigned partition....and sync config is a admin task .......- Brandon_79990thanks