cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

user role with minimum amount of access for creating the icontrol user-id

newbie
Altostratus
Altostratus

Hi,

we need to allow SolarWinds to access an F5 running BigIP version 12.1.3 via REST iControl API and since we don't want to use the admin user-id for that, we were wondering what would be the Role (Operator??) with the least amount of access that we could give to that user?

 

Thanks.

2 REPLIES 2

eey0re
Cirrostratus
Cirrostratus

While iControl REST users have admin privileges by default, you can set up fine grained access control though it is a bit fiddly. You can create a custom "resource group" which defines all the REST endpoints (URIs) which the user will have access to and which operations (GET, POST, etc) which they will be allowed to perform.

 

Instructions for doing this are in the DevCentral article iControl REST Fine-Grained Role Based Access Control.

 

So to answer your question: the least privilege would be GET (read-only) of whichever few REST endpoints the user needs to be able to read from.

 

Going to bite my tongue about SolarWinds 😄

Thanks for your response...