Applies To:Show Versions
What is an administrative partition?
Creating an administrative partition
- On the Main tab, expandSystemand clickUsers.The Users List screen opens.
- On the menu bar, clickPartition List.
- ClickCreate.The New Partition screen opens.
- In thePartition Namefield, type a unique name for the partition.An example of a partition name isSpanned_VIP.
- Type a description of the partition in theDescriptionfield.This field is optional.
- For theDevice Groupsetting, choose an action:ActionResultRetain the default value.Choose this option if you want the folder corresponding to this partition to inherit the value of the device group attribute from folderroot.Clear the check box and select the name of a device group.Choose this option if you do not want the folder corresponding to this partition to inherit the value of the device group attribute from folderroot.
- For theTraffic Groupsetting, choose an action:ActionResultRetain the default value.Choose this option if you want the folder corresponding to this partition to inherit the value of the traffic group attribute from folderroot.Clear the check box and select the name of a traffic group.Choose this option if you do not want the folder corresponding to this partition to inherit the value of the traffic group attribute from folderroot.
Relationship of partitions to user accounts
- Assign partition access to user accounts
- You can configure a user account to grant the user access to one or more partitions, and you can assign a different user role to a user for each partition. Moreover, you can grant an individual user access to all partitions instead of to specific partitions only. Note that assigning partition access to a user does not necessarily give the user full access to all objects in the partition; the user role assigned to the user determines the type of access that the user has to each type of object in the partition.
- Create user accounts as partitioned objects
- Like other types of objects on the system, user account objects also reside in partitions. Placing user account objects into partitions controls other users’ administrative access to those user accounts. Also, like other object types, a BIG-IP® system user account cannot reside in more than one partition simultaneously. When you first install the BIG-IP system, every existing user account (rootandadmin) resides in partitionCommon.The partition in which a user account object resides does not affect the partition or partitions to which that user is granted access to manage other BIG-IP objects.
About partition Common
About the current partition
- If userjsmithhas access to multiple partitions on the system, then before creating or managing any object on the BIG-IP® system, she must select the partition that she wants to be the current partition. After setting the current partition, any object that she creates resides in that partition, and she can modify or delete only the objects that reside in that partition until she sets the current partition to a different partition. Also, regardless of the current partition that jsmith selects, she also has read access to objects in partitionCommon.
- Conversely, if userrjoneshas access to partitionAonly, then any object that he creates while logged in to the BIG-IP system resides in partitionA. Although he can view objects in partitionCommon, he cannot selectCommonas his current partition because he has read access only. For userrjones, partitionAis automatically his current partition when he logs in to the system, and he cannot change the current partition to create objects in another partition.
Setting the current partition
- Access the BIG-IP Configuration utility.
- Find thePartitionlist in the upper right corner of the BIG-IP Configuration utility screen, to the left of theLog outbutton.
- From thePartitionlist, select the partition in which you want to create or manage objects.
Object referencing between partitions
Valid object referencing
- An object and the object that it references can reside in the same partition.
- An object can reside in a user-created partition, such as partitionA, while the object it references resides in partitionCommon.
- An iRule can reference any object, regardless of the partition in which the referenced object resides. For example, an iRule that resides in partitionAcan contain a pool statement that specifies a pool residing in partitionB. Neither object is required to reside inCommon.
Invalid object referencing
- An object cannot reside in partitionCommon, while the object that it references resides in a different partition. For example, you cannot have a virtual server residing inCommonwhile the pool that the virtual server references resides in partitionA.
- An object cannot reside in one user-created partition, while the object that it references resides in another user-created partition. For example, you cannot have a virtual server residing inAwhile the pool that the virtual server references resides in partitionB.