Forum Discussion
NimbostratusUser role for remote command
Hi all,
I'm trying to disable some members from a bash script in a remote server using a curl command
curl --insecure -u operator:operator -H "Content-Type: application/json" -X PUT https://myf5.ipaddress.com/mgmt/tm/ltm/pool/Pool_01/members/~Common~member01:80 -d '{"session":"user-disabled","state":"user-down"}'
This works fine while you are using a user with admin privileges but I don't like this. I want to limit permissions but when I change it form administrator to another role (operator, manager, resource administrator ... etc) and send the command, returns a error message:
"code":401,"message":"Authorization failed:
I thing that I'm doing something wrong because I thing that it's not possible that a user to make this job must have all privileges than a administrator
Someone has tried something like this and works fine ? Wich role have configured ??
Best Regards. Jose.
Dario_GarridoNoctilucent
Hello Jose
I would repeat the query using GET to verify that your user can access in mode read-only to this resource. In case of no, you should validate your user permissions (user configuration).
Also, iControl REST uses RBAC.
https://devcentral.f5.com/s/articles/icontrol-rest-fine-grained-role-based-access-control-30773
Check the group assigned to your user and verify if it has access to the resource/method that you are using.
curl -k -u admin:XXX -X GET https://localhost/mgmt/shared/authz/roles | json-format curl -k -u admin:XXX -X GET https://localhost/mgmt/shared/authz/resource-groups | json-formatKR,
Dario.