Luis_54441
Aug 01, 2008Nimbostratus
Restricting user access rights to the BIGIP
Hi,
I am looking for a way to let a customer have SSH access so that he can:
+ see bigtop staticstics
+ view logs
+ run TCPDUMP & SSLDUMP
+ but, DO NOT want him to have access to configuration utilities like bigpipe commands
I have read that for any type of account (Guest, Operator, Application Editor, Application Security Policy Editor, Manager, User Manager, Resource Administrator, Administrator ) you have threepossible terminal access:
- disabled: no ssh access
- Advanced Shell: access to the unix bash shell.
- bigpipe shell: access to F5's shell.
But I do not understand if i have to enable the bigpipe shell to get the bigtop commands, and the TCPDUMP & SSLDUMP utilities. I also have not very clear if i select a guest role (no write permissions at all) but i give that guest SSH access to the bigpipe shell, will that user be able to change the BIGIP configuration using bigpipe commands?
I will really appreciate any information regarding this issue.
Thanks very much