Although this thread is already some years old, I think my question best matches here, because it's a general design/concept question for user roles.
We are currently using BIG-IQ with version 7.1.0 and I'm looking forward for a concept to fullfill the following requirements:
- We have several different BIG-IPs (30+), which are all managed via BIG-IQ
- Avoid the use of partitions on each BIG-IP for the users to view only "their" configuration/services
- Use BIG-IQ as a centralized device, where different users can login with their personal account and see only "their" configuration/services across all BIG-IPs
- Update assigned Resources automatically once a new configuration is done on a BIG-IP. This can also be done with appropriate API-call against BIG-IQ.
My current idea is:
- Create a unique Resource Group for each user and assign "their" configuration/services across all BIG-IPs
- Create a unique Role for each user, assign the Resource Group to it and bind it to the corresponding user
Is this a good idea? Is this possible at all? Or are there maybe any other options/configurations possible for above mentioned concept?
Thank you for any shared ideas!
Regards Stefan :)