iControl permissions

Question

Hi All,&nbsp;Hoping that you can help me on this, i'm fairly new to f5 and facing a task that i need help with.&nbsp;I'm trying to add an iControl permission for our web dev team for them to pull the status of the nodes on f5 LTM via API.&nbsp;I am having a problem when adding the user to iControl. I followed the guide from this link https://support.f5.com/csp/article/K84925527#allowremotewithbasic but i can't add the service account.&nbsp;I'm using my personal admin account for f5 that is tied to AD to add the user.The password contains the character (!) on it. Also tried using \ as an escape character.&nbsp;curl -sk -u sampeuser:password\! https://localhost/mgmt/shared/authz/roles/iControl_REST_API_User -H "Content-Type: application/json" -X PATCH -d '{ "userReferences":[{"link":"https://localhost/mgmt/shared/authz/users/devaccount"}] }'&nbsp;the return code is: "code":401,"message":"Authorization failed:&nbsp;I also tried using our root cli account.&nbsp;curl -sk -u root:password\! https://localhost/mgmt/shared/authz/roles/iControl_REST_API_User -H "Content-Type: application/json" -X PATCH -d '{ "userReferences":[{"link":"https://localhost/mgmt/shared/authz/users/devaccount"}] }'&nbsp;the return code is a bunch of error.&nbsp;{"name":"iControl_REST_API_User","userReferences":[{"link":"https://localhost/mgmt/shared/authz/users/zmfrancis"}],"resources":[{"resourceMask":"/mgmt/tm/vcmp/*","restMethod":"PUT"},{"resourceMask":"/mgmt/tm/util/*/*","restMethod":"PATCH"},{"resourceMask":"/mgmt/tm/auth/*/*/*","restMethod":"GET"},{"resourceMask":"/mgmt/tm/sys/*/*/*/*/*/*/*","restMethod":"POST"},{"resourceMask":"/mgmt/tm/pem","restMethod":"GET"},{"resourceMask":"/mgmt/tm/wam/*/*","restMethod":"POST"},{"resourceMask":"/mgmt/tm/ltm/*/*/*/*/*/*/*/*/*","restMethod":"POST"},{"resourceMask":"/mgmt/tm/net/*/*/*/*/*/*/*/*","restMethod":"PATCH"},{"resourceMask":"/mgmt/tm/transaction/*/*/*","restMethod":"PUT"},{"resourceMask":"/mgmt/tm/vcmp/*/*/*/*/*/*","restMethod":"DELETE"},{"resourceMask":"/mgmt/tm/cli","restMethod":"DELETE"},{"resourceMask":"/mgmt/tm/gtm/*/*/*/*/*/*/*","restMethod":"GET"},.........

jg · Answer

Try it as the "admin" user.

jonwest1_uk · Answer

Or alternatively you can use your personal account with Token Based Authentication. Generate a Token in a first API request then include the token as a header in your next request. There's a good example here:

https://f5-automation-labs.readthedocs.io/en/latest/class1/module1/lab2.html

jaikumar_f5 · Answer

Also its not like you always have to parse the password in the same command.When you give -u and parse only the username and hit enter.It would automatically ask for the password in the prompt.

Forum Discussion

iControl permissions

3 Replies

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

Insufficient permissions BIG-IQ login error

iControl REST Authentication Token Management

Microsoft Powershell with iControl

iControl vs AS3

Operator Role for user with only API permission