A user is an individual to whom you provide resources. You provide access to users for specific BIG-IQ® system functionality through authentication. You can associate a user with a specific role, or associate a user with a user group and then associate the group with a role.
A role is defined by its specific privileges. A user group is a group of individuals that have access to the same resources. When you associate a role with a user or user group, that user or user group is granted all of the role's corresponding privileges.
By default, the BIG-IQ® system provides the following default user types:
User types persist and are available after a BIG-IQ system failover. You can authenticate users locally on the BIG-IQ system or remotely through LDAP or RADIUS.
As a system manager, you need a way to differentiate between users and to limit user privileges based on their responsibilities. To assist you, the BIG-IQ® system has created a default set of roles you can assign to a user. Roles persist and are available after a BIG-IQ system failover.
BIG-IQ® system ships with several standard roles, which you can assign to individual users.
|Administrator||Responsible for overall administration of all licensed aspects of the BIG-IQ system, which can include BIG-IQ Cloud, BIG-IQ Security, BIG-IQ System, and BIG-IQ ADC management. These responsibilities include adding individual users, assigning roles, discovering BIG-IP® systems, installing updates, activating licenses, and configuring a BIG-IQ high availability (HA) configuration.|
|Device Manager||Responsible for device administration including device discovery, group creation, licensing, and management of software images, UCS backups, templates, connectors, certificates, self IP addresses, VLANs, and interfaces. This role must first create a group before discovering and managing devices.|
|Network Security Deploy||Can view and deploy firewall configuration objects associated with managed firewall devices.|
|Network Security Edit||Can view and modify configuration objects associated with managed firewall devices, including the ability to create, modify, or delete all shared and firewall-specific objects.|
|Network Security Manager||Has all of the privileges assigned to the Network Security View, Network Security Edit, and Network Security Deploy roles.|
|Network Security View||Can only view configuration objects and tasks for all firewall devices under management.|
|Security Manager||Has all of the privileges assigned to the Network Security View, Network Security Edit, and Network Security Deploy roles.|
|Web App Security Manager||Responsible for administration of the individual components of web application security, including associated devices, policies, virtual servers, signature files, and deployments.|