user permission

Question

Hi,&nbsp;
&nbsp;We want to show user interface of f5 bigip to a user,a role or a partition differently. We want to prevent that some users can not look at some datas or be changed some configuration. For example for user "test", we want to disable system-&gt;Configuration-&gt;local traffic page with a perl script, changing icontrol,etc.  Is this possible with ICONTROL? or how we do this? &nbsp;
&nbsp;Thanks..&nbsp;&nbsp;&nbsp;

jrahm · Answer

It's possible, but I think differently than you are expecting.  Before I go further, are you familiar with creating administrative partitions in the GUI, which allow by object and by role what a user can see/change?  It'd be a worthwhile exercise to explore that first.  If that doesn't meet your needs, then you're looking at a custom application (web-based or desktop) that will restrict what a user can see based on the options you control through iControl interface/method calls.  This application would exist off-box, either on a server or on a desktop.  There are some examples in perl linked here: http://devcentral.f5.com/wiki/default.aspx/iControl/Perl.html Click Here

safiyet_80777 · Answer

Thanks Jason, 
&nbsp;  
&nbsp; Your reply is very helpful for us. we are familiar with partitions, but it does not meet our needs. I look at perl scripts. Must we use a script or do we do this with changing icontrol codes? For example, do we add a new role to usermangement.cs for our specific permissions? and I have an other question. How we disable or enable pages, which method or interface should we use?  
&nbsp;  
&nbsp; thanks a lot.

jrahm · Answer

iControl is just an interface to the BIG-IP to make sysetm and configuration changes.  I don't believe adding new roles or customizing existing roles is supported.  Only way I'm familiar with to do something like this is to write a script/application that uses iControl and "hides" the features you don't want to give users access to by not including them in your application, or at least restricting them by user.

safiyet_80777 · Answer

&nbsp; thanks a lot. I investigate powershell. I can not decide that which one I should use perl or powershell. But I can not hide the features with powershell. for example how I hide LocalB.Network Map? I looked at from powershell web page but I can not find. Maybe my questions are simple, but I am a new person in F5,i-control,powershell... Sorry for inconvenience.

hooleylist · Answer

The idea is that you create a custom application using the language or your choice.  With that application you only allow users to execute specific operations that you want.  In effect, you're replacing the default admin tools like the GUI or the command line.  You're not modifying the default admin GUI or CLI behavior on LTM. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

user permission

7 Replies

Recent Discussions

preserve client IP on layer 4 VIP

Failed to convert character dclid=%EDclid!

ASM - Parent policy vs OWASPcompliance

Rewrite uri translation not working

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

Related Content

Insufficient permissions BIG-IQ login error

DEVCENTRAL END-USER LICENSE AGREEMENT

Update your DevCentral user profile

User access to servers

Synthetic Monitoring helps you detect application issues before your users do