Minimun permissions to use iRules Editor

Question

First off, I'm really green when it comes to the editor and iControl. My question is one of rights. We have several BigIPs in remote locations and it appears that when the editor starts it wants to connect to a BigIP. As we have the BigIP's managed by a different group than the ones doing iRules development (that's us more on the appdev side), I need to know something about permissions.&nbsp;
&nbsp;So, I have a few questions I hope can be answered by a kind soul:&nbsp;
&nbsp;1. Am I correct that the editor needs to connect to a BigIP to function?
&nbsp;2. Does the editor use iControl to communicate with BigIP?
&nbsp;3. Is there a basic permission type that one would setup to allow users to use the editor? I read about the roles in the SDK and I could see a case that a non-admin user is an editor of a partition that allows them to edit rules but it wasn't clear.
&nbsp;4. If this was actually in the docs, let me know where. I was looking for a basic text that said something like "To use the iRules editor, you must have _____access to a BigIP and a user account with the _______privilege. I might have missed it.&nbsp;
&nbsp;Thanks,&nbsp;
&nbsp;Tom

joe_pruitt · Answer

1. Am I correct that the editor needs to connect to a BigIP to function?&nbsp;
&nbsp;You are correct.  The iRule editor was built as a live extension to the BIG-IP configuration.  It needs a connection to a BIG-IP to validate the format.&nbsp;&nbsp;2. Does the editor use iControl to communicate with BigIP?&nbsp;
&nbsp;Absolutely.  &nbsp;&nbsp;3. Is there a basic permission type that one would setup to allow users to use the editor? I read about the roles in the SDK and I could see a case that a non-admin user is an editor of a partition that allows them to edit rules but it wasn't clear.&nbsp;
&nbsp;An Administrator level account is required to make use of all of the editor features.  Also, currently the Editor does not support partitions aside from the default partition.&nbsp;&nbsp;4. If this was actually in the docs, let me know where. I was looking for a basic text that said something like "To use the iRules editor, you must have _____access to a BigIP and a user account with the _______privilege. I might have missed it.&nbsp;
&nbsp;It's not in the Editor docs,  I'll have to look into building a better FAQ for iControl in general.  To use the iControl methods, the user must have Operator access to read and partial write (enable/disable operations).  The account must be an Admin or Application Security Policy Editor to modify to create/remove objects.&nbsp;
&nbsp;-Joe

Forum Discussion

Minimun permissions to use iRules Editor

1 Reply

Recent Discussions

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Chrome V 124+ on MacOS - Virtual Server Access Issue

Related Content

Insufficient permissions BIG-IQ login error

iRules Style Guide

Operator Role for user with only API permission

Hey ChatGPT, can you write iRules?

POC: Validate JWT with iRule