APM, Users, Remote Role Groups and Partitions
Asking on behalf of a user having trouble posting...
Is there a way to grant an AD user in an AD group the rights to do APM-specific things like manage sessions, without giving full administrative access to everything else in the BIG-IP? I've already set up the application in its own partition, anticipating that this would allow me to grant user rights to it. I have a working group for view-only access and one with Operator access for bringing pool members down.
However, when I try to set up a remote role group to have access to the partition I've created, one of two things happens. Either a role like "manager" doesn't have access to see things within APM, or I set them higher to something like "resource administrator" and even though the F5 lets me select the specific partition I want, when I click Update it reverts back to Partition Access: All. There is no indication of an error, so I assume it's a limitation baked into the code somewhere.
Is there no way to make someone an admin (or at least be able to manage APM within a specific partition) without giving them full rights on the whole config?