Forum Discussion
JRahm
Jan 30, 2017Admin
If you assign the Manager user role and limit their access to a specific partition, they can still see the common objects but cannot change them.
>>> import requests
>>> requests.packages.urllib3.disable_warnings()
>>> from f5.bigip import ManagementRoot
>>> b = ManagementRoot('192.168.102.5', 'user_mgr', 'letmein00', token=True)
>>> pools = b.tm.ltm.pools.get_collection()
>>> for x in pools:
... print '{0}/{1}'.format(x.partition, x.name)
...
Common/checkityo
Common/myNewPool2
Common/myNewPool222
Common/mynewpool22
Common/priTest
Common/testpool
Load existing pool
>>> p1 = b.tm.ltm.pools.pool.load(name='checkityo', partition='Common')
Check existing LB method
>>> p1.loadBalancingMode
u'round-robin'
Change it
>>> p1.loadBalancingMode = 'ratio-member'
Try to update the 'Common' object; it will fail
>>> p1.update()
Traceback (most recent call last):
File "", line 1, in
File "/Users/rahm/venv_bucketlist/lib/python2.7/site-packages/f5/bigip/resource.py", line 594, in update
self._update(**kwargs)
File "/Users/rahm/venv_bucketlist/lib/python2.7/site-packages/f5/bigip/resource.py", line 567, in _update
**requests_params)
File "/Users/rahm/venv_bucketlist/lib/python2.7/site-packages/icontrol/session.py", line 272, in wrapper
raise iControlUnexpectedHTTPError(error_message, response=response)
iControlUnexpectedHTTPError: 400 Unexpected Error: Bad Request for uri: https://192.168.102.5:443/mgmt/tm/ltm/pool/~Common~checkityo/
Text: u'{"code":400,"message":"01070822:3: Access Denied: User (user_mgr) may not modify objects in partition (Common)","errorStack":[],"apiError":3}'
Create a pool in 'biz_crit' partition; it should work
>>> pool = b.tm.ltm.pools.pool.create(name='newpool', partition='biz_crit')
Verify it now exists
>>> b.tm.ltm.pools.pool.exists(name='newpool', partition='biz_crit')
True
Try to create a pool in 'Common'; it will fail
>>> pool = b.tm.ltm.pools.pool.create(name='anothernewpool', partition='Common')
Traceback (most recent call last):
File "", line 1, in
File "/Users/rahm/venv_bucketlist/lib/python2.7/site-packages/f5/bigip/resource.py", line 933, in create
return self._create(**kwargs)
File "/Users/rahm/venv_bucketlist/lib/python2.7/site-packages/f5/bigip/resource.py", line 900, in _create
response = session.post(_create_uri, json=kwargs, **requests_params)
File "/Users/rahm/venv_bucketlist/lib/python2.7/site-packages/icontrol/session.py", line 272, in wrapper
raise iControlUnexpectedHTTPError(error_message, response=response)
iControlUnexpectedHTTPError: 400 Unexpected Error: Bad Request for uri: https://192.168.102.5:443/mgmt/tm/ltm/pool/
Text: u'{"code":400,"message":"01070822:3: Access Denied: User (user_mgr) may not modify objects in partition (Common)","errorStack":[],"apiError":3}'