Forum Discussion
Loc_Pham_101863
Mar 10, 2005Historic F5 Account
Hi Tom,
1- Yes, iControl calls are split in terms of access. Any BIGIP users will belong to one of 3 classes: Administrators, Operators, or Guests. The user and his/her corresponding access level is created from the Web GUI. Although there might be some minor variances in how access is controlled between the GUI and iControl, but in general, it's very similar. If an iControl user is an Administrator, he/she can make any method call. If the user is an Operator, he/she can do get/query/find/is methods, as well as enabling/disabling virtual addresses and virtual servers, and also up/down nodes/pool members. If the user is a Guest, he/she can only have read access, i.e. get/query/find/is type of iControl methods.
2- There's a separate section that controls authentication/access for iControl within the same httpd.conf file.
Hope this helps.
Loc