Restrict RADIUS users to specific roles on LTM

We have an LTM 10200 and are using RADIUS remote authentication. Would like to restrict administrative users to a named list (or group), read only access to a small group and no access to everyone else. Local root and administrator accounts would remain locally authenticated.

 

This article: https://support.f5.com/csp/article/K14324 seems to describe the roles I will need and the configuration on the F5 but doesn't mention Radius. Is this just configured on the F5 side? What additional configuration is required on the Radius side? Are we on the right track? Is there a better way to do this?

 

Thanks in advance