Permissions - Sample Scripts working a little tooo well

Question

I downloaded iControl 4.6.3 for Unix to explore doing some basic stuff (node enable/disable) and extracting stats from a BIG-IP 4.5.12.&nbsp;
&nbsp;Working with the script ../sdk/support/SOAP/perl/LocalLB/LocalLBNode.pl, I was happy to see it working great and as expected.&nbsp;
&nbsp;I was not so happy to see that the user account I was working with had Web Read Only Permissions on the BIG-IP.&nbsp;
&nbsp;Is this normal? Is there something I am missing? We allow users to log on to BIG-IP to review stats and such. I would not like for them to be able to "enable/disable" nodes.&nbsp;
&nbsp;I am suddenly concerned that any user with a route to my BIG-IP and a "Web Read Only" Account can control much more than just accessing the configuration and looking at statistics using this download.

joe_pruitt · Answer

That's not supposed to be the case.  In 4.x, if the user has the the "corba_iControl" or "soap_iControl" privilege then that user is allowed to make method calls.  From what I can remember that was only Administrative accounts, not read-only users.&nbsp;
&nbsp;As far as I know, nothing has changed on the 4.x platform to elevate read-only users permissions.  If you need a resolution to this, I'd suggest you open a support ticket with F5 Product Support.&nbsp;
&nbsp;-Joe

Forum Discussion

Permissions - Sample Scripts working a little tooo well

Recent Discussions

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

How to Renew F5 Device Certificate

F5 ASM CEF Sending Logs in Specific TimeZone

Related Content

Insufficient permissions BIG-IQ login error

Not working my iCall script...

APM Optimisation Script

Passing Arguments to iCall Scripts

Introducing the single Installation script for F5 NGINX Instance Manager

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS