Forum Discussion
Brad_Otlin
Ret. Employee
Dec 06, 2012
TACACS Authentication with Multiple Remote Roles
We are running 11.2.1 HF1 on a pair of 11000s. We are using TACACS for authentication and have a group of application admins logging in using the "auditor" remote role. We now want to give them the "operator" role also so they can enable/disable nodes/pool members.
When I change the role of their remote role group to "operator" they lose access to System->Logs...which they still require.
So is there a way to combine the auditor and operator roles into 1 role/group?
4 Replies
- hoolio
Cirrostratus
Hi Brad,
Under System ›› Logs : Configuration : Options, you can allow access to the logs for the Operator role.
Aaron
- Brad_Otlin
Ret. Employee
Thanks Aaron. That was WAY too easy.
- Pavel_71715
Nimbostratus
Hi Aaron,
Do you have any idea how to configure user rights in v11.2 only via the TACACS+ server? This was done by bp shell in version 10.x; please see the example below. Thank you.
BR,
Pavel
bigpipe remoterole role info acs_auth_users { attribute "F5-LTM-User-Info-1=acs_auth_users" role "%F5-LTM-User-Role" user partition "%F5-LTM-User-Partition" console "%F5-LTM-User-Console" deny disable line order 1000}
- What_Lies_Bene1
Cirrostratus
Try these two commands:
-[tmsh] modify auth remote-role
-[tmsh] modify auth remote-user
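
For reference, a tmsh form of the 10.x `bigpipe remoterole` entry quoted above, as an added example that is not part of the original thread. The mapping of the bigpipe keywords to the tmsh property names (`user-partition`, `line-order`, `deny disabled`) is this example's translation and should be confirmed on your version before use.

```tmsh
# Entered at the tmsh prompt on the BIG-IP (added example, not from the thread).
# The entry name and attribute string are copied from the bigpipe line in the thread.
# The %F5-LTM-User-* variables are filled in from the attributes the TACACS+
# server returns for the user, so role, partition and console access are all
# decided on the server rather than on the BIG-IP.
modify auth remote-role role-info add { acs_auth_users { attribute "F5-LTM-User-Info-1=acs_auth_users" role "%F5-LTM-User-Role" user-partition "%F5-LTM-User-Partition" console "%F5-LTM-User-Console" deny disabled line-order 1000 } }

# Review the resulting entry before anyone logs in with it.
list auth remote-role

# Persist the change to the stored configuration.
save sys config
```

With this layout the BIG-IP grants whatever role the server sends, so the TACACS+ group definitions become the place to audit who receives operator or higher access.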