Forum Discussion
User Roles in BIG-IQ
Currently, you are correct on the roles you can create. It is also important to note that you can apply multiple roles to a single user or user group. We do not currently have a role specific to managing certificates, but we do have roles that cover virtual server enable/disable, as well as pool member enable/disable.
Can you describe the roles you are looking for in detail, including what you expect that user to be able to do/see?
We are in the process of scoping additional changes to the RBAC in BIG-IQ and the more customer details/stories we can include the better.
Thanks for your response, Kyle.
I work for the central IT department of a university and would like to offer load balancing services to the various faculties and departments around campus. Using LTM, we'd like to make it self service to minimize the number of tickets the departments will need to submit to do day to day operational tasks.
For the most part, we can segregate user access by partitions. So dept A can only access partition A, and so forth. For these users, we'd like them to be able to: - add/enable/disable nodes, pools, and virtual servers - create/update iRules - manage SSL certificates (import certs, replace certs that have expired, etc) - other day to day operation tasks
Since we're using partitions, I think we can do most of the above just by using Big-IPs built in RBAC except for SSL cert management. I think this requires a separate user account to be created just to perform this task so it would be nice if Big-IQ can somehow address this.
We also have one "shared" partition where various departments will be hosting their services. So we'll need to somehow limit each department's access to just their respective nodes, pools, and virtual servers within this partition. - add/enable/disable their own nodes, pools, and virtual servers (looks like the Virtual Server and Pool Member operator roles can satisfy this requirement) - create/update iRules but just apply them to their own virtual servers - manage their own SSL certificates
Hope this helps with future development. Please let me know if you need more info or need me to expand further.
Thanks, Randell
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com