For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

newbie's avatar
newbie
Icon for Altostratus rankAltostratus
Mar 16, 2021

user role with minimum amount of access for creating the icontrol user-id

Hi, we need to allow SolarWinds to access an F5 running BigIP version 12.1.3 via REST iControl API and since we don't want to use the admin user-id for that, we were wondering what would be the Role...
LTM
security
eey0re's avatar
eey0re
Icon for Cirrostratus rankCirrostratus
Mar 16, 2021

While iControl REST users have admin privileges by default, you can set up fine grained access control though it is a bit fiddly. You can create a custom "resource group" which defines all the REST endpoints (URIs) which the user will have access to and which operations (GET, POST, etc) which they will be allowed to perform.

 

Instructions for doing this are in the DevCentral article iControl REST Fine-Grained Role Based Access Control.

 

So to answer your question: the least privilege would be GET (read-only) of whichever few REST endpoints the user needs to be able to read from.

 

Going to bite my tongue about SolarWinds 😄

newbie's avatar
newbie
Icon for Altostratus rankAltostratus
Mar 16, 2021
Thanks for your response...