iControl REST Fine-Grained Role Based Access Control

Introduction F5's role based access control (RBAC) mechanism allows a BIG-IP administrator to assign appropriate access privileges to the users (see Manual Chapter: User Roles). For example, with ...
Updated Jun 06, 2023
Version 2.0
BIG-IP
devops
iControlREST
Super-NetOps
Piotr_Bratkows3's avatar
Piotr_Bratkows3
Icon for Nimbostratus rankNimbostratus
Dec 18, 2018

@BenJ and Oliver

I managed to get this to work. As a non-admin user you need to have token and RBAC policy for example to modify pool member can be written in sucha a way:

{   "name":"poolModifyGroup", 
    "resources":[ 
        {"restMethod":"PATCH", "resourceMask":"/mgmt/tm/ltm/pool/*" }, 
        {"restMethod":"PATCH", "resourceMask":"/mgmt/tm/ltm/pool/*/*" }, 
        {"restMethod":"PATCH", "resourceMask":"/mgmt/tm/ltm/pool/*/*/*" }, 
        {"restMethod":"GET", "resourceMask":"/mgmt/tm/ltm/pool/*" }
    ]
}

If you only write 

{"restMethod":"PATCH", "resourceMask":"/mgmt/tm/ltm/pool/*" }
then it's not enough.

Hope that helps.

Regards, Piotr