rbac
4 Topics

BIG-IQ 6.0.1 and AD User Groups
This is a PoC for BIG-IQ, so I'm playing around with the system. I've set up AD as the Auth Provider, assigned a User Group for my team, and assigned Administrator Role. However, when trying to authenticate, an error message says "User has no roles or group associations." I can't authenticate with my AD credentials until I also add my AD username under the Users list. This is different from my LTMs, which permit authentication based on a user's security group membership. Do I have to add specific users for every account that needs access to the BIG-IQ?
547 Views, 0 likes, 3 Comments

BIG-IQ: User Access Control only to Monitoring
Hi all,
A customer here wants to create a RBAC config so that users in a group only have the monitoring right for their objects. I tried to set up the following:
User "user_monitoring" created.
User Group "GRP_MONITORING" created -> Added User "user_monitoring", Roles "MONITORING APM Viewer", "MONITORING LTM Viewer"
Custom Resource Group "MONITORING" -> Added all virtual-server and child objects for which we want to see the monitoring and statistics.
Custom Service Role "MONITORING APM Viewer" -> Added Resource Group "MONITORING", "GRP_MONITORING"
Custom Service Role "MONITORING LTM Viewer" -> Added Resource Group "MONITORING", "GRP_MONITORING"
I cannot find any resource or object for monitoring/statistics only. How should the customer proceed to create a monitoring-only group? Thanks for help... Peter
300 Views, 0 likes, 0 Comments

Is iControl REST RBAC present in 11.5?
Hi,
In the 11.6 version of the iControl REST user guide there is a section REST -> About iControl and RBAC for user accounts, which shows how a non-admin account can be given access to REST via https. This section is missing in the 11.5 version of the same guide. We are using 11.5 firmware on our F5s (BIGIP-11.5.1.0.0.110). Can I ask our F5 admins to create a non-admin account with access to REST as documented on page 22/23 of the guide, and will this work, or do I need to ask them to upgrade to 11.6 before this will work correctly? Thanks, Andrew.
218 Views, 0 likes, 1 Comment

Help! ACS, v11.6, variable substitution for multiple user roles in multiple partitions?
v11.6 allows multiple roles per account as long as they are assigned to different partitions. What is the recommended configuration for LTM v11.6 and ACS 5.2 to support variable substitution for complex RBAC assignments? For instance, UserA in AD who is a member of AD groups 'F5 Operator' and 'F5 Certs' can log in and have manager access to PartitionA and Certificate Manager access to Common.
208 Views, 0 likes, 0 Comments