The ability to manage resources located on BIG-IP® devices using BIG-IQ® ADC is controlled by the permissions settings associated with your user role. Users with the role of Administrator can set permissions for any role.
Permissions for managing objects follow a fine-grained, role-based access control (RBAC) model. This means that you can grant read, write, create, and delete permissions for a device, a virtual server, a pool, or a node. So for example, a user might be given the ability to make revisions to the settings for a virtual server, but the ability to deploy those changes to the managed device is reserved for the Administrator. Or, you can grant authorization to make changes to one type of managed object (Pools, for instance), but reserve the authorization for other object types. Finally, you might choose to grant authorization to view or make changes on one object (for example, Pool 1), but reserve the authorization for other objects at that same level (for example, Pools 2 - 20).