Forum Discussion

José_Ramón_Veci's avatar
José_Ramón_Veci
Icon for Nimbostratus rankNimbostratus
Jun 10, 2019

User role for remote command

Hi all,

 

 I'm trying to disable some members from a bash script in a remote server using a curl command

 

curl --insecure -u operator:operator -H "Content-Type: application/json" -X PUT https://myf5.ipaddress.com/mgmt/tm/ltm/pool/Pool_01/members/~Common~member01:80 -d '{"session":"user-disabled","state":"user-down"}'

 

 This works fine while you are using a user with admin privileges but I don't like this. I want to limit permissions but when I change it form administrator to another role (operator, manager, resource administrator ... etc) and send the command, returns a error message:

 

"code":401,"message":"Authorization failed: 

 

I thing that I'm doing something wrong because I thing that it's not possible that a user to make this job must have all privileges than a administrator

 

 Someone has tried something like this and works fine ? Wich role have configured ??

 

Best Regards. Jose.

BIG-IP
devops
LTM
security

1 Reply

Sort By
  • Dario_Garrido's avatar
    Dario_Garrido
    Icon for MVP rankMVP
    Jun 10, 2019

    Hello Jose

    I would repeat the query using GET to verify that your user can access in mode read-only to this resource. In case of no, you should validate your user permissions (user configuration).

    Also, iControl REST uses RBAC.

    https://devcentral.f5.com/s/articles/icontrol-rest-fine-grained-role-based-access-control-30773

    Check the group assigned to your user and verify if it has access to the resource/method that you are using.

    curl -k -u admin:XXX -X GET https://localhost/mgmt/shared/authz/roles | json-format
curl -k -u admin:XXX -X GET https://localhost/mgmt/shared/authz/resource-groups | json-format

    KR,

    Dario.