Authorization

Question

Hello,&nbsp;
I'm using TACACS+ to control access to my LTM's (Relevant device running 11.5.0HF4).
I would like to allow one of my users to have a Guest TMSH account however allow him to delete the RAM cache as well.
How can I achieve this ?&nbsp;
Thanks!&nbsp;

arnaud_lemaire · Answer

Hi, may be Icontrol could be a solution, creating a dedicate script (somehow compiled to hide login/password) for him to play with ram cache objects until we have a better RBAC.&nbsp;

chura_16140 · Answer

Yes, The Dev Team working on it.
So I guess currently its impossible ?&nbsp;
Thanks!&nbsp;

arnaud_lemaire · Answer

today guess role doesn't have access to delete command used to delete ramcache, and we cannot add more action to this role. i'm not familiar to cli scripting but first tests shows that it's not elevating privilege.

chura_16140 · Answer

We're working on iControl to do so.
But again i'm facing a problem.
The DEV need a user for it, and this user need full access right ?
Or can I set a user to be able to run via iControl only ?&nbsp;

Forum Discussion

Authorization

4 Replies

Recent Discussions

LDAPS and renegotiation

Need advise to setup a policy on F5

Web acceleration

What are the different phases in DevOps?

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

Related Content

JWT authorization with NGINX Ingress Controller

iRule - Authorization Bearer / Basic

OWASP Tactical Access Defense Series: Broken Object Property Level Authorization and BIG-IP APM

Resolve Citrix Secure Ticket Authority (STA)

WAF for APM Oauth Authorization VS