Forum Discussion
Mar 18, 2015
Hi Mattias,
you can use authorization roles and mask access control. I´m using it on v11.5.1 at one of my clients since a couple of months. It´s possible to create a list of masks for the differents REST methods in the following format:{
"resourceMask": "/mgmt/tm/ltm/*/*/*/*/*",
"restMethod": "PUT"
},
This information (role definition for "iControl_REST_API_LTM_Pool_Change") is stored in a .json file.
It will be imported this way:curl -sk -u admin:admin -X POST -H "Content-type: application/json" https://localhost/mgmt/shared/authz/roles -d @icr_ltm_pool.json
There is a guest user (api_user) defined on the system who will get the role assigned:
curl -sk -X PATCH -u admin:admin -H "Content-type: application/json" https://localhost/mgmt/shared/authz/roles/iControl_REST_API_LTM_Pool_Change -d '{"userReferences":[{"link":"https://localhost/mgmt/shared/authz/users/'"${api_user}"'"}]}'
This information is not stored in a .ucs archive and will get lost after software update.
You need to restore it manually (lines above were taken from a script to automate this task). Thanks, Stephan