Forum Discussion
thiezn_180250
Jun 07, 2016 Nimbostratus
Hello Arnaud, thanks for the reply
I tried this indeed, but it seems the rights assigned to the user during user creation have no effect on the permissions on the iControl REST API. The user is created in partition VPN and only has manager permissions on the VPN partition.
Then when I retrieve for instance /mgmt/tm/ltm/pool I am still getting back pool members in the Common partition:
curl -k -u api-test:password -X GET https://f5apm01/mgmt/tm/ltm/pool
{"kind":"tm:ltm:pool:poolcollectionstate",
"selfLink":"https://localhost/mgmt/tm/ltm/pool?ver=12.1.0",
"items":[{"kind":"tm:ltm:pool:poolstate",
"name":"test-pool-api-common",
"partition":"Common"},
{"kind":"tm:ltm:pool:poolstate",
"name":"euremoteuat.rabobank.com-AD_Auth-pool",
"partition":"VPN","fullPath":"/VPN/euremoteuat.rabobank.com-AD_Auth-pool", ...}]
...data truncated...}
- Arnaud_Lemaire Jun 07, 2016 Employee
That is expected behavior: the Common partition is available to everyone. The user has access to the Common and VPN partitions; the REST call will respond with everything, like in the GUI if you had selected partition VPN = Common + VPN. Now I better understand: you are looking for a way that a partition user can access only the partition and not Common, is that correct?
- thiezn_180250 Jun 07, 2016 Nimbostratus
Yes, that's correct. We would like to prevent them from accessing or creating objects in the Common partition. For instance, we maintain the device sync, routing, logging, etc. in the Common partition and want to keep the users from making any changes to this.
- Piotr_Bratkows3 Nov 08, 2016 Nimbostratus
@thiezn Did you manage to resolve this issue? I'm struggling with a similar problem: I have a user with the Operator role who is still able to create objects on the Common partition.
Regards, Piotr
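
Added example, not part of any post in this thread: a Python check that sorts the objects an account can read from a collection such as /mgmt/tm/ltm/pool by partition, so that Common objects visible to a partition-scoped user (the behaviour described above) are listed explicitly. The function names and the sample response are constructed for illustration.

```python
import json

# Constructed sample, modelled on the (truncated) response quoted in the thread.
SAMPLE_RESPONSE = json.dumps({
    "kind": "tm:ltm:pool:poolcollectionstate",
    "items": [
        {"kind": "tm:ltm:pool:poolstate", "name": "test-pool-api-common",
         "partition": "Common"},
        {"kind": "tm:ltm:pool:poolstate", "name": "vpn-auth-pool",
         "partition": "VPN", "fullPath": "/VPN/vpn-auth-pool"},
        {"kind": "tm:ltm:pool:poolstate", "name": "dmz-pool",
         "fullPath": "/DMZ/dmz-pool"},          # partition only in fullPath
        {"kind": "tm:ltm:pool:poolstate", "name": "no-partition-field"},
    ],
})


def partition_of(item):
    """Return the item's partition, falling back to the first fullPath segment."""
    if item.get("partition"):
        return item["partition"]
    full_path = item.get("fullPath", "")
    parts = full_path.split("/")          # "/VPN/name" -> ["", "VPN", "name"]
    if full_path.startswith("/") and len(parts) >= 3:
        return parts[1]
    return None


def audit_visibility(response_text, assigned_partition):
    """Group every returned object by where it lives relative to the account."""
    report = {"assigned": [], "common": [], "other": [], "unknown": []}
    for item in json.loads(response_text).get("items", []):
        label = item.get("fullPath") or item.get("name", "<unnamed>")
        partition = partition_of(item)
        if partition is None:
            report["unknown"].append(label)   # cannot classify, review by hand
        elif partition == assigned_partition:
            report["assigned"].append(label)
        elif partition == "Common":
            report["common"].append(label)    # visible to every user
        else:
            report["other"].append(label)     # neither assigned nor Common
    return report


if __name__ == "__main__":
    for bucket, names in audit_visibility(SAMPLE_RESPONSE, "VPN").items():
        print(f"{bucket:9} {names}")
```

This reports read visibility only; it does not test whether the account can create or modify objects in Common.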