The types of user accounts on the BIG-IP® system are:
The root account
- Every BIG-IP system has an account named root. A user who logs in to
the system using the root account has full access to all BIG-IP system
resources, including all administrative partitions and command line interfaces.
The admin account
- Every BIG-IP system has an account named admin. A user who logs in to
the system using the admin account has the Administrator role, which
grants the user full access to all BIG-IP system resources, including all administrative
partitions on the system. By default, the admin user account has access
to the BIG-IP Configuration utility only. However, users logged in with this account can grant
themselves access to both tmsh and the advanced shell. Although the BIG-IP
system creates this account automatically, you must still assign a password to the account
before you can use it. To initially set the password for the admin account, you must run the
Setup utility. To change its password later, you use the BIG-IP Configuration utility’s Users
- A BIG-IP user with the correct user role can create other local user accounts for BIG-IP
system administration. Each local user account on the BIG-IP system has one or more user roles
assigned to the account (one per partition), as well as permissions related to
tmsh and Bash shell access.
- If your organization stores user accounts on a remote authentication server (such as an Active
Directory server), you can configure the BIG-IP system to control access to BIG-IP
configuration objects for all BIG-IP user accounts stored on the remote server. In this case,
the remote server authenticates each BIG-IP user at login time, while the BIG-IP system itself
grants the specified access control permissions.
Note: You are not required to have any user accounts on the BIG-IP system other than
the root and admin accounts. However, F5 Networks® recommends that you create other user accounts, as a way to
intelligently control administrator access to system resources.