Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Using RBAC With iControlREST on BIG-IP

BIG-IP is able to use built-in Role-Based Access Control (RBAC) functionality.  The operator function will be used in this example.  This article gives some guidance on how you can use such a role in...
Published Dec 22, 2016
Version 1.0
cloud
devops
iControlREST
LTM
gert_wolfis's avatar
Ret. Employee
From the moment I built my first Internet street for a financial institute and saw the F5 capabilities, I was hooked. That is about 15 years ago and meanwhile a lot has changed... Now, every day is F5 day! The technologies used, and the people involved make it an inspiring culture which I am proud to be part of for more than ten years now. In my daily job I am constantly involved in answering customer questions, delivering the best possible designs and technology adoption possible to support them in their digital journey to the cloud. Within that spectrum there is no technology left untouched and conversations go from BIG-IP and BIG-IQ to integrating those solutions in public clouds and private clouds, the use of automation. Another often requested topic is F5 Container Integrated services and how NGINX can be leveraged in container environments. Please use my contributions to DevCentral to learn F5 use cases and when there are questions don't hesitate to contact me.
View Profile
seilemor_131269's avatar
seilemor_131269
Icon for Altostratus rankAltostratus
Apr 12, 2017

I've playing around with the iControl feature. My goal is to setup a monitoring solution based on iControl possibilities.

 

Now I've the following issue:

 

Using the local admin accont will work. I can read and write data:

 

curl -sk -u admin https://HOSTNAME/mgmt/tm/ltm/pool/POOLNAME/members/~Common~NODENAME -H "Content-Type: application/json" -X PATCH -d '{ "session":"user-enabled", "state":"user-down" }'

Using an ActiveDirectory Account I can read data, but if I try to write data using the command from above I'll get the following issue:

 

{"code":400,"message":"Found unexpected URI tmapi_mapper/ltm/~Common~pool/POOLNAME/members/~Common~NODENAME.","errorStack":[],"apiError":1}

Now I don't know whats the problem here. I already tested a lot with different passwords, user roles, the Header X-F5-Auth-Token, patching the iControl_REST_API_User Group... nothing will work. Does anyone else has an idea what I can test now?

 

Thanks...