Forum Discussion

Josh_41258's avatar
Josh_41258
Icon for Nimbostratus rankNimbostratus
Apr 06, 2012

Restrict Access but allow iRule Edits

I need to find a way to allow certain users the ability to modify iRules, but not modify VS/Pools/etc. I was thinking of putting the iRules in a Partition that the users had access to, and leaving the other resources (VS, etc) in another partition.

 

 

Is this the best way to handle this?

 

 

Thanks,

 

 

 

Josh

 

  • i understand you have to place irule in common partition.

    Understanding iRules and administrative partitions

    http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_configuration_guide_10_0_0/ltm_rules.html

    [root@ve1023:Active] ~  b shell partition rule_partition
    [root@ve1023:Active] ~  b rule rule1 list
    rule rule1 {
       when RULE_INIT {}
       partition rule_partition
    }
    
    [root@ve1023:Active] ~  b shell partition Common
    [root@ve1023:Active] ~  b virtual vs1 destination 1.1.1.1:80 rule rule1
    BIGpipe virtual server rule creation error:
       01070726:3: A virtual server may only reference rules in the same partition or the common partition (vs1:rule1)
    
  • [root@ve1023:Active] ~  b shell partition Common
    [root@ve1023:Active] ~  b rule rule1 list
    rule rule1 {
       when RULE_INIT {}
    }
    
    [root@ve1023:Active] ~  b shell partition vs_partition
    [root@ve1023:Active] ~  b virtual vs1 destination 1.1.1.1:80 rule rule1
    [root@ve1023:Active] ~  b virtual vs1 list
    virtual vs1 {
       destination 1.1.1.1:80
       partition vs_partition
       rules rule1
    }