Manual Chapter: Common elements file for local user authorization
Applies To:
BIG-IP AAM
- 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP APM
- 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP Analytics
- 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP Link Controller
- 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP LTM
- 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP PEM
- 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP AFM
- 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP DNS
- 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP ASM
- 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
Common elements file for local user authorization
- From the vCMP host system prompt, type vconsole <guest_name> <any_guest_slot_number>. In this syntax, the variable <any_guest_slot_number> refers to any slot on which the guest is running. Note that for single-slot guests, the slot number is not required. For example, you can type vconsole guest_A 1, where 1 represents slot 1 of the guest. The system prompts you to enter a user name and password.
- From the vCMP host, access the Bash shell by typing vconsole <guest_name>. For example, you can type vconsole guest_A. The system prompts you to enter a user name and password.
- Type the root account and the password default. The system logs you into the guest and displays the guest's system prompt.
- At the prompt, determine the primary slot number by typing tmsh show sys cluster and locating the Primary Slot ID.
- If the system output indicates that you are not currently logged into the primary slot of the cluster, type either ssh primary or ssh slot<primary_slot_number>. For example, if the primary slot is slot 2, you can type either ssh primary or ssh slot2. Typing this command logs you into the primary slot of the cluster.
- Type the command tmsh modify auth user admin shell tmsh. This command grants tmsh access to the admin user account.
- Type the command tmsh modify. This command .
- Type exit.
- Exit the vConsole utility by typing the key sequence ctrl-]. This displays the prompt telnet>.
- Type q.
- At the Bash prompt, log out of the Linux system by typing exit, if necessary.
- On the Main tab, click. The BIG-IP system displays the list of user accounts that reside in the current partition and in partition Common. Note that all users except those with a user role of No Access have at least read access to partition Common.
- In the user account list, locate the name of the account you want to unlock and select the check box to the left of the account name.
- Access the BIG-IP Configuration utility.
- In the upper-left corner of the screen, confirm that the Partition list is set to the partition in which the user account that you want to modify resides.
- In the upper-left corner of the screen, from the Partition list, select the partition in which the user account that you want to unlock resides.
- From the Partition list in the upper-left corner of the screen, set the current partition to the partition in which you want the user account to reside. The partition you select in this step is not the partition to which you want the user account to have access.
- From the Partition list in the upper-left corner of the screen, set the current partition to the partition in which the relevant user accounts reside.
- In the User Name column, click the user account name.
- For the Password setting:
  - In the New field, type a password for the user account.
  - In the Confirm field, type the password again. If the two passwords match, the BIG-IP system assigns the password to the user account. The user can log in to the system later and change this password.
- If you want to allow user access to the command line interface, then from the Terminal Access list, select a level of access. The advanced shell is only available for accounts with the Administrator or Resource Administrator user role.
- If you want to change the user's access to the command line interface, then from the Terminal Access list, select a level of access. The advanced shell is only available for accounts with the Administrator or Resource Administrator user role.
- Click the Update button.
- Click the Unlock button.
- Click the Create button. If the Create button is unavailable, you do not have permission to create a local user account. You must have the Administrator or User Manager role assigned to your user account in order to create a local user account.
- Click the Finished button.
- For the Partition Access setting:
  - From the Role list, select a user role.
  - From the Partition list, select a partition name.
  - Click the Add button. A user role pertaining to a partition now appears in the box.
  - Repeat these steps for each partition to which you want to assign a role for this user.
  After you configure this setting, one or more role-partition combinations are specified for assignment to this user account.
- To change the user's password, locate the Password setting and replace the existing password in the New and Confirm fields with the new password.
- In the user account list, find the user account you want to view and click the account name. This displays the properties of that user account.
- To modify a user's role and partition access, do any of the following:
  - To add a role for a partition, from the Role list select a role, and from the Partition list, select a partition. Then click the Add button. The new role-partition entry appears in the Partition Access box.
  - To modify a role or partition, in the Partition Access box, select the role-partition entry you want to modify, and click the Edit button. Then from the Role or Partition list, select a new role or partition. Then click the Add button.
  - To delete a role-partition entry, in the Partition Access box, select the role-partition entry you want to delete, and click the Delete button.
You can add, modify, or delete only those role-partition entries that you are authorized to manage based on your own user role and partition access.