iControl REST Fine-Grained Role Based Access Control
Introduction
F5's role based access control (RBAC) mechanism allows a BIG-IP administrator to assign appropriate access privileges to the users (see Manual Chapter: User Roles). For example, with ...
Updated Jun 06, 2023
Version 2.0
Satoshi_Toyosa1
Piotr_Bratkows3
Dec 18, 2018
Nimbostratus
@BenJ and Oliver
I managed to get this to work. As a non-admin user you need to have a token, and an RBAC policy, for example to modify a pool member, can be written in such a way:
{ "name":"poolModifyGroup",
"resources":[
{"restMethod":"PATCH", "resourceMask":"/mgmt/tm/ltm/pool/*" },
{"restMethod":"PATCH", "resourceMask":"/mgmt/tm/ltm/pool/*/*" },
{"restMethod":"PATCH", "resourceMask":"/mgmt/tm/ltm/pool/*/*/*" },
{"restMethod":"GET", "resourceMask":"/mgmt/tm/ltm/pool/*" }
]
}
If you only write
{"restMethod":"PATCH", "resourceMask":"/mgmt/tm/ltm/pool/*" }
then it's not enough.
Hope that helps.
Regards, Piotr
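
The behaviour described in the comment above, modelled as an added example (not code from the article, the commenter or F5). It assumes `*` in a `resourceMask` matches exactly one path segment, which is consistent with the single `/pool/*` mask not being enough for a pool member; the pool and member names, `NARROW`, and the helper functions are constructed for illustration.

```python
import json

# Role from the comment above, as posted.
ROLE = json.loads("""
{ "name":"poolModifyGroup",
  "resources":[
    {"restMethod":"PATCH", "resourceMask":"/mgmt/tm/ltm/pool/*" },
    {"restMethod":"PATCH", "resourceMask":"/mgmt/tm/ltm/pool/*/*" },
    {"restMethod":"PATCH", "resourceMask":"/mgmt/tm/ltm/pool/*/*/*" },
    {"restMethod":"GET", "resourceMask":"/mgmt/tm/ltm/pool/*" }
  ]
}
""")

def mask_matches(mask, path):
    """ASSUMPTION: '*' matches exactly one non-empty path segment."""
    m = mask.strip("/").split("/")
    p = path.strip("/").split("/")
    return len(m) == len(p) and all((a == "*" and b != "") or a == b for a, b in zip(m, p))

def allowed(role, method, path):
    """True if any resource entry grants this method on this path."""
    return any(
        r["restMethod"] == method and mask_matches(r["resourceMask"], path)
        for r in role["resources"]
    )

# Constructed sample requests (object names are hypothetical).
POOL = "/mgmt/tm/ltm/pool/~Common~web_pool"
MEMBER = POOL + "/members/~Common~10.0.0.10:80"
REQUESTS = [
    ("GET", POOL),
    ("PATCH", POOL),
    ("PATCH", MEMBER),   # three segments below /pool, needs /pool/*/*/*
    ("DELETE", POOL),    # method not granted by the role
    ("PATCH", "/mgmt/tm/ltm/virtual/~Common~vs1"),  # outside /pool
]
# The "not enough" variant: only the first PATCH mask.
NARROW = {"name": "narrow", "resources": ROLE["resources"][:1]}

def audit(role, requests):
    return {(m, p): allowed(role, m, p) for m, p in requests}

if __name__ == "__main__":
    for role in (NARROW, ROLE):
        print(role["name"])
        for (method, path), ok in audit(role, REQUESTS).items():
            print(f"  {'ALLOW' if ok else 'DENY '} {method:6} {path}")
```

Running the same request list against a role before it is assigned shows both what it fails to cover and what it does not grant, such as `DELETE` or objects outside `/mgmt/tm/ltm/pool`.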