Forum Discussion

John_Dunn_14596's avatar
John_Dunn_14596
Icon for Nimbostratus rankNimbostratus
Aug 18, 2014

iControl REST Interface: Least Privileged Access

When using the REST interface, the only way to pass discovery is by using an administrative user account. This account type is not able to be tied to a specific administrative partition and least privileged user account (Manager). Does iControl through REST support reduced permission access and partitioning?

 

Example request: https://x.x.x.x/mgmt/tm/ltm/pool

 

This will return the pools via a browser request using the REST interface. When prompted for credentials, the admin account will return the correct response. A non-admin account will return an authentication error.

 

See thread Limit icontrol/user access to specific virtual servers, pools

 

2 Replies

  • In v12+, you can use role/partition combinations to limit change control. For example, you can use the Manager role on a user assigned to a specific partition, and whereas they can see objects in Common, they cannot change them. For a code example, see my answer on this post.