Forum Discussion

Altostratus

Mar 16, 2021

user role with minimum amount of access for creating the icontrol user-id

Hi, we need to allow SolarWinds to access an F5 running BigIP version 12.1.3 via REST iControl API and since we don't want to use the admin user-id for that, we were wondering what would be the Role...

LTM

security

eey0re

Cirrostratus

While iControl REST users have admin privileges by default, you can set up fine grained access control though it is a bit fiddly. You can create a custom "resource group" which defines all the REST endpoints (URIs) which the user will have access to and which operations (GET, POST, etc) which they will be allowed to perform.

Instructions for doing this are in the DevCentral article iControl REST Fine-Grained Role Based Access Control.

So to answer your question: the least privilege would be GET (read-only) of whichever few REST endpoints the user needs to be able to read from.

Going to bite my tongue about SolarWinds 😄

newbie

Altostratus

Mar 16, 2021

Thanks for your response...

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

user role with minimum amount of access for creating the icontrol user-id

Recent Discussions

ip x-forwarding

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Related Content

Create a DevCentral account

Creating iRules LX via iControl REST

iControl REST 101 – Creating Objects

Creating device trust / trust-domain through iControl REST Call(s)

iControl REST Authentication Token Management

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS