Manual Chapter : Managing Device Permissions

Applies To:

BIG-IQ Centralized Management

  • 4.6.0

About permissions management

The ability to manage resources located on BIG-IP® devices using BIG-IQ® ADC is controlled by the permissions settings associated with your user role. Users with the role of Administrator can set permissions for any role.

Permissions for managing objects follow a fine-grained, role-based access control (RBAC) model. This means that you can grant read, write, create, and delete permissions for a device, a virtual server, a pool, or a node. For example, a user might be given the ability to make revisions to the settings for a virtual server, while the ability to deploy those changes to the managed device is reserved for the Administrator. Or, you can grant authorization to make changes to one type of managed object (Pools, for instance), but reserve the authorization for other object types. Finally, you might choose to grant authorization to view or make changes on one object (for example, Pool 1), but reserve the authorization for other objects at that same level (for example, Pools 2 - 20).

Revising managed object permissions

You must have Read/Write permissions to make revisions to a configuration object. If you only have Read permissions, you can still view the configuration settings imported from managed devices.
You can revise the permissions for any configuration object (virtual servers, pools, and nodes) based on the role assigned to a user's login credentials.
  1. Log in to BIG-IQ ADC with the administrator user name and password.
  2. At the top of the screen, click Configuration, and then click Editing View.
    The Devices panel displays the list of devices that the BIG-IQ system is currently managing, along with the configuration objects on those devices. This view displays the objects and settings currently configured on the managing BIG-IQ system. Only configuration objects for which you have Read or Read/Write permissions are displayed.
  3. On the panel that corresponds to the type of object you want to change, hover over the object you want to view, click the gear icon, and then select Properties to access the configuration settings that have been imported for this object.
    The properties screen for the selected object opens.
  4. Click the gear icon, and then select Properties to access the configuration settings that have been imported for this object.
    The properties for the selected object are displayed.
  5. Click Permissions to access the permissions settings that have been imported for this object.
  6. In the Role field, type the name of the role to which you want to assign permissions, and then click Read or Read/Write as appropriate.
    Important: Before you can specify permissions for a role, that role must already exist. (In BIG-IQ System under Access Control, you can create a role using the Roles panel.)
  7. To grant permissions to another role, click the add (+) icon. To remove a role to which you have granted permissions, click the remove (x) icon.
  8. When you are satisfied with the changes you have made, click Save.
    The permissions changes are made, and the screen for the selected object closes.
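
The per-object permission rules this chapter describes can be modeled offline to check that Read/Write grants stay within their intended scope. The following Python is an added example, not F5 code and not a BIG-IQ API: the role names (App Editor, Auditor), the object names, the grant table layout, and the rule that Administrator holds Read/Write on every object are assumptions made for illustration.

```python
from enum import IntEnum

class Perm(IntEnum):
    NONE = 0
    READ = 1
    READ_WRITE = 2

ADMIN = "Administrator"

# Constructed sample grants: (object type, object name) -> {role: permission}.
GRANTS = {
    ("virtual", "vs_web"): {"App Editor": Perm.READ_WRITE, "Auditor": Perm.READ},
    ("pool", "Pool 1"): {"App Editor": Perm.READ_WRITE},
    ("pool", "Pool 2"): {"Auditor": Perm.READ},
    ("node", "node_10"): {},
}

def effective(role, obj, grants=GRANTS):
    """Permission a role holds on one object; no grant means no access."""
    if role == ADMIN:
        return Perm.READ_WRITE  # assumption: Administrator can edit every object
    return grants.get(obj, {}).get(role, Perm.NONE)

def visible_objects(role, grants=GRANTS):
    """Objects listed for a role: only those with Read or Read/Write."""
    return sorted(o for o in grants if effective(role, o, grants) >= Perm.READ)

def can_revise(role, obj, grants=GRANTS):
    """Revising a configuration object requires Read/Write on that object."""
    return effective(role, obj, grants) == Perm.READ_WRITE

def can_deploy(role):
    """Models the chapter's example where deployment is reserved for Administrator."""
    return role == ADMIN

def audit(expected_rw, grants=GRANTS):
    """Return (role, object) pairs whose Read/Write grant exceeds the expected scope."""
    findings = []
    for obj, roles in sorted(grants.items()):
        for role, perm in sorted(roles.items()):
            if perm == Perm.READ_WRITE and obj not in expected_rw.get(role, set()):
                findings.append((role, obj))
    return findings

if __name__ == "__main__":
    # Intended scope: App Editor should only be able to revise Pool 1.
    for role, obj in audit({"App Editor": {("pool", "Pool 1")}}):
        print(f"unexpected Read/Write: role={role!r} object={obj}")
```
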