TACACS Authentication with Multiple Remote Roles

Question

We are running 11.2.1 HF1 on a pair of 11000s. Using TACACS for authentication and have a groups of application admins logging in using the "auditor" remote role. We now want to give them the "operator" role also so they can enable/disable nodes/pool members.&nbsp;
When I change the role of their remote role group to "operator" they lose access to System-&gt;Logs...which they still require.&nbsp;
So is there a way to combine the auditor and operator roles into 1 role/group?&nbsp;

hooleylist · Answer

Hi Brad, 
&nbsp;  
&nbsp; Under System  ››  Logs : Configuration : Options, you can allow access to the logs for the Operator role. 
&nbsp;  
&nbsp; Aaron

brad_otlin · Answer

Thanks Aaron.  That was WAY too easy.

pavel_71715 · Answer

Hi Aaron, 
&nbsp; Do you have any idea how to configure in v11.2 user rights only via TACAS+ server? This was done by bp shell in version 10.x. - please see example below. Thank you. 
&nbsp;  
&nbsp; BR, 
&nbsp;            Pavel 
&nbsp; bigpipe remoterole role info acs_auth_users { attribute "F5-LTM-User-Info-1=acs_auth_users" role "%F5-LTM-User-Role" user partition "%F5-LTM-User-Partition" console "%F5-LTM-User-Console" deny disable line order 1000}

what_lies_bene1 · Answer

Try these two commands; 
&nbsp; -[tmsh] modify auth remote-role 
&nbsp; -[tmsh] modify auth remote-user &nbsp;

Forum Discussion

TACACS Authentication with Multiple Remote Roles

4 Replies

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

Multiple AD Authentication

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

TACACS+ External Monitor (Python)

Doing mTLS Authentication per URL

Distributed caching of authentication requests with NGINX Ingress Controller