Forum Discussion

driassetto_3518
Jul 03, 2018

iREST RBAC Questions

Hello!

 

I am attempting to configure RBAC Access on my Lab instance, so as not to break Production (despite how fun that is), and I am running into some odd issues that I was hoping to get some feedback on (in order to tell me what I am doing wrong).

 

I set up RBAC following this guide, modifying things as needed for my environment: https://devcentral.f5.com/articles/icontrol-rest-fine-grained-role-based-access-control-30773

 

We are running v13.1.0.6.

 

2 Replies

  • Salutations Good People!

     

    I am attempting to configure RBAC Access on my Lab instance, so as not to break Production (despite how fun that is), and I am running into some odd issues that I was hoping to get some feedback on (in order to tell me what I am doing wrong).

     

    I set up RBAC following this guide, modifying things as needed for my environment: https://devcentral.f5.com/s/articles/icontrol-rest-fine-grained-role-based-access-control-30773

     

    We are running v13.1.0.6.

     

    We want to use the RBAC control to allow a limited user to swap the active node in a specific pool in order to change the active server for Blue/Green Application Deployments.

     

    As our F5 is Active Directory integrated, we have set up a new user in AD and added an AD Group to the Remote Role Groups in the F5 configuration. This group is set up with the assigned role of Operator.

     

    I was able to configure a working setup for the RBAC user, but I am getting intermittent Access Denied messages when attempting to enable or disable a node in a pool.

     

    I created a Custom Resource Group and a Custom Role for this using the steps in the guide linked above. I made sure to grant the resource group the PATCH, PUT, and GET HTTP REST methods.

     

    How can we avoid the Access Denied messages? From what I was reading, this is due to the account not being an administrator on the F5, which we don't want.

     

    The other thing I have questions on is Token Based Authentication. The default time limit for the life of the token is 20 minutes, and I have found how to extend that. The question I have is this: so far, in order to get the token, I have to pass the admin credentials to get the token for the service account or local non-admin account I am trying to use. Is there a way to get the token, or use basic authentication directly, as either a non-admin local user or as the service account from AD?

     

    Thank you for taking the time to look at this and read this wall of text.

     

  • After searching the answers section here, I came across how to get the auth token via PowerShell (https://gist.github.com/jasonrahm/2bc6958926a8c3ffcebefd0270cbbfae).

     

    Looking at that, I was able to determine how to get the auth token with just the non-admin account.

     

    Has anyone else had an RBAC Custom Role, Custom Resource Group and user return Access Denied intermittently when attempting to disable a member node of a pool?

     

    When I created the resource group, I granted it PATCH, PUT, and GET rights.