Access rights separation for APM/LTM

Question

Hello,&nbsp;
We are currently running F5 LTM on a vcmp on a viprion system.
Currently, we only have the LTM license. The LTM module for load-balancing is managed by our Team.
Now, we need to plan the deployment of the APM module on our VCMP.
The APM part of the vcmp should be managed by another team.
Is there a way to restrict the rights so that :
-User A should only by allowed to modif/add/remove objet from APM configurations
-User B should only be allowed to modif/add/remove object from LTM configuration &nbsp;
I did not found granular role that should allow this.
If not possible, I suppose we should use a separate vcmp for the APM module and only give access to it for user A. User B being allowed on the vcmp running LTM.&nbsp;
THanks in advance&nbsp;
Thanks a lot 
Regards&nbsp;

amiles_377865 · Accepted Answer

Hello Frederic,&nbsp;
You're correct; the default Big-IP roles do not divide up LTM/APM, basically just LTM/ASM.&nbsp;
However, you can do role-based authorization in Big-IQ, which has a couple of different options for dividing up module teams.  You might want to look into getting one for your environment.&nbsp;
Best of luck,&nbsp;
Austin&nbsp;

frédéric_lemair · Answer

Thanks for your rapid answer.
Regards
Frédéric&nbsp;

Forum Discussion

Access rights separation for APM/LTM

2 Replies

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

Log separation by event

Federated AWS Console Access Made Easy: F5 BIG-IP Access Policy Manager Access Guided Configurations

https and separate port VS

Separating False Positives from Legitimate Violations

Format objectGUID attribute from hexadecimal to bindable string (hyphen-separated format)