Thanks for your response, Kyle.
I work for the central IT department of a university and would like to offer load balancing services to the various faculties and departments around campus. Using LTM, we'd like to make it self-service to minimize the number of tickets the departments will need to submit to do day-to-day operational tasks.
For the most part, we can segregate user access by partitions. So dept A can only access partition A, and so forth. For these users, we'd like them to be able to:
- add/enable/disable nodes, pools, and virtual servers
- create/update iRules
- manage SSL certificates (import certs, replace certs that have expired, etc.)
- other day-to-day operation tasks
Since we're using partitions, I think we can do most of the above just by using Big-IP's built-in RBAC, except for SSL cert management. I think this requires a separate user account to be created just to perform this task, so it would be nice if Big-IQ can somehow address this.
We also have one "shared" partition where various departments will be hosting their services. So we'll need to somehow limit each department's access to just their respective nodes, pools, and virtual servers within this partition.
- add/enable/disable their own nodes, pools, and virtual servers (looks like the Virtual Server and Pool Member operator roles can satisfy this requirement)
- create/update iRules but just apply them to their own virtual servers
- manage their own SSL certificates
Hope this helps with future development. Please let me know if you need more info or need me to expand further.
Thanks,
Randell