Troy,
First of all, thanks for the compliment on the documentation. What's pretty cool about our code base is that the entire SDK is auto-generated from a set of interface definition files that are the core for our server processing code. We've built our own set of tools that, at development and build time, will validate all aspects of the interfaces (naming conventions, documentation, etc.) so that all of our interfaces "look and feel" the same. I can't imagine what it would take to manage an 1800+ method SDK documentation by hand!
Now, back to your question. Unfortunately there is no way right now to build custom Roles with special privileges on specific objects. We've built in the following Roles (which I'm sure you are aware of from the Management::UserManagement interface).
USER_ROLE_ADMINISTRATOR
The Administrator has full control of all aspects of the iControl interfaces.
USER_ROLE_TRAFFIC_MANAGER
The Traffic Manager (or Operator) can do all get/query/find/is methods as well as enable/disable virtual addresses and virtual servers. He/she can also up/down nodes and pool members.
USER_ROLE_GUEST
The Guest role only has read-only access. So they can make calls to query or lookup information but cannot change or modify the configuration in any way.
Historically, customers that have had custom role-based needs will build a "front-end" application that does its own set of authorization, allowing the users that it knows about to perform the actions that the application deems them worthy of.
We also provide a product called iControl Service Manager which provides a lot of the management features but allows more detailed role-based configurations.
Let us know what things you are working on! We are always on the lookout for a good case study or just references to help us in adding new features to our products in the future.
Take care,
-Joe
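The "front-end" authorization approach described in the reply above, sketched as an added example that is not part of the original post and is not F5 code: a default-deny check that allows read-style calls to known users and allows state-changing calls only on the specific objects a custom role has been granted. The role names, users, object names and the interface/method strings are assumed sample values, and forwarding an approved call to the device is left out.

```python
from dataclasses import dataclass, field

# Read-style method prefixes, taken from the get/query/find/is list in the post.
READ_PREFIXES = ("get_", "query_", "find_", "is_")

@dataclass(frozen=True)
class Grant:
    interface: str        # interface the grant applies to (sample value)
    methods: frozenset    # state-changing methods the role may call
    objects: frozenset    # the only objects those methods may touch

@dataclass
class FrontEndAuthorizer:
    roles: dict                      # custom role name -> list of Grant
    users: dict                      # user name -> custom role name
    audit: list = field(default_factory=list)

    def authorize(self, user, interface, method, targets):
        """Return True only if the call may be forwarded to the device."""
        allowed = self._decide(user, interface, method, targets)
        # Record every decision, including denials, for later review.
        self.audit.append((user, interface, method, tuple(targets), allowed))
        return allowed

    def _decide(self, user, interface, method, targets):
        role = self.users.get(user)
        if role is None:
            return False                       # unknown user: default deny
        if method.startswith(READ_PREFIXES):
            return True                        # read-only, like the Guest role
        if not targets:
            return False                       # change with no named object: deny
        grants = [g for g in self.roles.get(role, ())
                  if g.interface == interface and method in g.methods]
        # Every target must be covered; one uncovered object rejects the call.
        return all(any(t in g.objects for g in grants) for t in targets)

# Constructed policy: one custom role limited to two virtual servers.
POLICY = FrontEndAuthorizer(
    roles={"web_team_operator": [Grant("LocalLB.VirtualServer",
                                       frozenset({"set_enabled_state"}),
                                       frozenset({"vs_web_01", "vs_web_02"}))],
           "viewer": []},
    users={"alice": "web_team_operator", "bob": "viewer"},
)
```

Because the front-end holds the device credentials itself, its audit list is the only record of which end user asked for each change.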