Forum Discussion

Josh_41258's avatar
Josh_41258
Icon for Nimbostratus rankNimbostratus
Apr 06, 2012

Restrict Access but allow iRule Edits

I need to find a way to allow certain users the ability to modify iRules, but not modify VS/Pools/etc. I was thinking of putting the iRules in a Partition that the users had access to, and leaving the other resources (VS, etc) in another partition.

 

 

Is this the best way to handle this?

 

 

Thanks,

 

 

 

Josh

 

config
design

2 Replies

Sort By
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Apr 07, 2012
    i understand you have to place irule in common partition.

    Understanding iRules and administrative partitions

    http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_configuration_guide_10_0_0/ltm_rules.html 

    [root@ve1023:Active] ~  b shell partition rule_partition
[root@ve1023:Active] ~  b rule rule1 list
rule rule1 {
   when RULE_INIT {}
   partition rule_partition
}

[root@ve1023:Active] ~  b shell partition Common
[root@ve1023:Active] ~  b virtual vs1 destination 1.1.1.1:80 rule rule1
BIGpipe virtual server rule creation error:
   01070726:3: A virtual server may only reference rules in the same partition or the common partition (vs1:rule1)
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Apr 07, 2012
    [root@ve1023:Active] ~  b shell partition Common
[root@ve1023:Active] ~  b rule rule1 list
rule rule1 {
   when RULE_INIT {}
}

[root@ve1023:Active] ~  b shell partition vs_partition
[root@ve1023:Active] ~  b virtual vs1 destination 1.1.1.1:80 rule rule1
[root@ve1023:Active] ~  b virtual vs1 list
virtual vs1 {
   destination 1.1.1.1:80
   partition vs_partition
   rules rule1
}