Dietmar_Moltner
Nov 20, 2014

Permissions for iControl REST

Hi all,

 

we are currently doing some tests with iControl REST on 11.5.1. So far it looks very good, but it looks like only users in role Administrator can use the REST interface; users in role Operator are, for example, not able to access the API on context /mgmt/tm/ltm/pool/.

 

Are we missing anything or are only Administrators able to access the REST API?

 

Thank you in advance for your support

 

7 Replies

  • This has been asked a few times; others have always stated that the administrator role is required for iControl REST.

     

  • shaggy

    Open a support case to request the feature. The more feature requests, the higher the priority to add the feature to a future release.

     

  • Riley_Schuit_82
    Historic F5 Account

    Create a support case. Note RFE ID 476361 is probably what you are looking for.

     

  • Thank you for the response, will do that. One more idea would be to create a policy-secured virtual with AD groups to permit access to specific REST calls based on group membership. Is it possible to create a pool on the same appliance to point to the local iControl REST endpoint?

     

    Thx

     

    • Riley_Schuit_82
      Historic F5 Account
      ID 471136 will probably be linked just for being able to use remote auth with iControl REST. You should get an error if you configure a pool member for a self IP (error: "The requested pool member is already in use as a self IP address (x.x.x.x)") but I see there is no error for pointing to the mgmt address (I wouldn't do it).
  • On 11.6 I was able to do this by creating an "audit" account and then assigning permissions to the REST API with:

     

    curl -k -u admin -H "Content-Type: application/json" -X PATCH https://<BIG-IP address>/mgmt/shared/authz/roles/iControl_REST_API_User -d '{ "userReferences":[{"link":"<link to the user account>"}] }'

     

    It is documented in the "icontrol-rest-user-11-6-0_15.pdf" manual, in the "About iControl and RBAC for user accounts" section.
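
Added example, not part of the thread or of F5's documentation: a small Python helper that builds the PATCH body for the iControl_REST_API_User role so existing members are kept, and lists members that are not on an approved list. It assumes a PATCH of userReferences overwrites the list rather than appending to it, and that user links have the form shown in USER_LINK; the account name svc-monitor and the sample role document are constructed.

```python
import json
import re

# Assumed link form for a local user; the link in the post above was lost.
USER_LINK = "https://localhost/mgmt/shared/authz/users/{name}"
ROLE_PATH = "/mgmt/shared/authz/roles/iControl_REST_API_User"  # from the post

# Conservative account-name check so nothing odd ends up in the URL or JSON.
_NAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


def build_role_patch(current_role: dict, username: str) -> dict:
    """Return a PATCH body that adds username and keeps every existing member."""
    if not _NAME_RE.match(username):
        raise ValueError(f"refusing unusual account name: {username!r}")
    new_link = USER_LINK.format(name=username)
    links = [ref["link"] for ref in current_role.get("userReferences", [])]
    if new_link not in links:  # idempotent: do not add a duplicate entry
        links.append(new_link)
    return {"userReferences": [{"link": link} for link in links]}


def unexpected_members(current_role: dict, allowed: set) -> list:
    """List role members whose account name is not in the approved set."""
    refs = current_role.get("userReferences", [])
    names = [ref["link"].rsplit("/", 1)[-1] for ref in refs]
    return sorted(n for n in names if n not in allowed)


# Constructed sample of a role document as a GET on ROLE_PATH might return it.
SAMPLE_ROLE = {
    "name": "iControl_REST_API_User",
    "userReferences": [
        {"link": "https://localhost/mgmt/shared/authz/users/svc-monitor"},
    ],
}

if __name__ == "__main__":
    body = build_role_patch(SAMPLE_ROLE, "audit")
    print("PATCH", ROLE_PATH)
    print(json.dumps(body, indent=2))
    print("not on allowlist:", unexpected_members(SAMPLE_ROLE, {"audit"}))
```

The printed JSON is what would go after -d in the curl command above; reviewing the unexpected_members output before each change keeps the role limited to the accounts that are meant to have REST access.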