Forum Discussion

newbie's avatar
newbie
Icon for Altostratus rankAltostratus
Mar 16, 2021

user role with minimum amount of access for creating the icontrol user-id

Hi,

we need to allow SolarWinds to access an F5 running BigIP version 12.1.3 via REST iControl API and since we don't want to use the admin user-id for that, we were wondering what would be the Role (Operator??) with the least amount of access that we could give to that user?

 

Thanks.

  • eey0re's avatar
    eey0re
    Icon for Cirrostratus rankCirrostratus

    While iControl REST users have admin privileges by default, you can set up fine grained access control though it is a bit fiddly. You can create a custom "resource group" which defines all the REST endpoints (URIs) which the user will have access to and which operations (GET, POST, etc) which they will be allowed to perform.

     

    Instructions for doing this are in the DevCentral article iControl REST Fine-Grained Role Based Access Control.

     

    So to answer your question: the least privilege would be GET (read-only) of whichever few REST endpoints the user needs to be able to read from.

     

    Going to bite my tongue about SolarWinds 😄