Forum Discussion
User Roles in BIG-IQ
Currently, you are correct on the roles you can create. It is also important to note that you can apply multiple roles to a single user or user group. We do not currently have a role specific to managing certificates, but we do have roles that cover virtual server enable/disable, as well as pool member enable/disable.
Can you describe the roles you are looking for in detail, including what you expect that user to be able to do/see?
We are in the process of scoping additional changes to the RBAC in BIG-IQ and the more customer details/stories we can include the better.
- gaspol33_275602, Aug 02, 2016, Nimbostratus
Thanks for your response, Kyle.
I work for the central IT department of a university and would like to offer load balancing services to the various faculties and departments around campus. Using LTM, we'd like to make it self-service to minimize the number of tickets the departments will need to submit to do day-to-day operational tasks.
For the most part, we can segregate user access by partitions. So dept A can only access partition A, and so forth. For these users, we'd like them to be able to:
  - add/enable/disable nodes, pools, and virtual servers
  - create/update iRules
  - manage SSL certificates (import certs, replace certs that have expired, etc.)
  - other day-to-day operation tasks
Since we're using partitions, I think we can do most of the above just by using BIG-IP's built-in RBAC, except for SSL cert management. I think this requires a separate user account to be created just to perform this task, so it would be nice if BIG-IQ can somehow address this.
We also have one "shared" partition where various departments will be hosting their services. So we'll need to somehow limit each department's access to just their respective nodes, pools, and virtual servers within this partition.
  - add/enable/disable their own nodes, pools, and virtual servers (looks like the Virtual Server and Pool Member operator roles can satisfy this requirement)
  - create/update iRules but just apply them to their own virtual servers
  - manage their own SSL certificates
Hope this helps with future development. Please let me know if you need more info or need me to expand further.
Thanks, Randell
- M_G1, Aug 15, 2016, Nimbostratus
On top of SSL cert management, being able to have a role that lets a user only edit a single external data group file would be great.
We use this for our site maintenance mode control file. Works great but requires one of our network admins to make the change, as our developers do not have access to the F5. Ideally, they would be able to make the changes themselves without being exposed to anything else in the interface.