Forum Discussion
gaspol33_275602
Nimbostratus
NimbostratusUser Roles in BIG-IQ
Is there a way to create custom role types in BIG-IQ? For example, I'd like to create a role which allows a user to manage pools, virtual servers, and SSL certificates in BIG-IP. Can this be done? Fr...
Stefan_Klotz
Cumulonimbus
CumulonimbusHi again,
I tried now to create custom access to the BIG-IQ following this article. I created:
- Role Type: Service->LTM, Object Type->Virtual Servers, only Read Access
- Resource Group: Select 14 Virtual Servers from a single BIG-IP cluster with previous created Role Type
- Custom Service Role: assign all previous created objects to a test-user
-> If I check the "View Permissions" button, everythings looks fine, I can see only the 14 VS and its assigned resources with only Read permissions.
-> But when I login to BIG-IQ with the test-user, I still can see ALL configurations across ALL BIG-IP clusters.
Any idea what's going wrong here or how I can further troubleshoot this? Is this somehow related to inherit TACACS groups permissions (admin_group & operator_group)? If so, how can I fix this?
:EDIT: ok, it's conflicting with the user groups and the "Authorization Attributes" as long as the permissions for these groups are not matching with the custom ones. But this is good to know, because then we can manage permissions via appropriate attributes from the TACACS server.
Thank you!
Regards Stefan :)