Manual Chapter : Common elements file for local user authorization

Applies To:

Show Versions Show Versions

BIG-IP DNS

  • 15.0.0

BIG-IP Analytics

  • 15.0.0

BIG-IP AFM

  • 15.0.0

BIG-IP PEM

  • 15.0.0

BIG-IP ASM

  • 15.0.0

BIG-IP AAM

  • 15.0.0

BIG-IP APM

  • 15.0.0

BIG-IP LTM

  • 15.0.0
Manual Chapter

Common elements file for local user authorization

  1. From the vCMP host system prompt, type
    vconsole
    guest_name
    any_guest_slot_number
    .
    In this syntax, the variable
    any_guest_slot_number
    refers to any slot on which the guest is running. Note that for single-slot guests, the slot number is not required.
    For example, you can type
    vconsole guest_A 1
    , where
    1
    represents slot 1 of the guest.
    The system prompts you to enter a user name and password.
  2. From the vCMP host, access the Bash shell by typing
    vconsole
    guest_name
    .
    For example, you can type
    vconsole guest_A
    The system prompts you to enter a user name and password.
  3. Type the
    root
    account and the password
    default
    .
    The system logs you into the guest and displays the guest's system prompt.
  4. At the prompt, determine the primary slot number by typing
    tmsh show sys cluster
    and locating the Primary Slot ID.
  5. If the system output indicates that you are not currently logged into the primary slot of the cluster, type either
    ssh primary
    or
    ssh slot
    primary_slot_number
    .
    For example, if the primary slot is slot 2, you can type either
    ssh primary
    or
    ssh slot2
    .
    Typing this command logs you into the primary slot of the cluster.
  6. Type the command
    tmsh modify auth user admin shell tmsh
    .
    This command grants
    tmsh
    access to the
    admin
    user account.
  7. Type the command
    tmsh modify
    .
    This command .
  8. Type exit
  9. Exit the vConsole utility by typing the key sequence
    ctrl-]
    .
    This displays the prompt
    telnet>
    .
  10. Type
    q
    .
  11. At the Bash prompt, log out of the Linux system by typing
    exit
    , if necessary.
  12. On the Main tab, click
    System
    Users
    .
    The BIG-IP system displays the list of user accounts that reside in the current partition and in partition
    Common
    . Note that all users except those with a user role of No Access have at least read access to partition
    Common
    .
  13. On the Main tab, click
    System
    Users
    User List
    .
    The BIG-IP system displays the list of user accounts that reside in the current partition and in partition
    Common
    . Note that all users except those with a user role of No Access have at least read access to partition
    Common
    .
  14. In the user account list, locate the name of the account you want to unlock and select the check box to the left of the account name.
  15. Access the BIG-IP Configuration utility.
  16. In the upper-left corner of the screen, confirm that the
    Partition
    list is set to the partition in which the user account that you want to modify resides.
  17. In the upper-left corner of the screen, from the
    Partition
    list, select the partition in which the user account that you want to unlock resides.
  18. From the
    Partition
    list in the upper-left corner of the screen, set the current partition to the partition in which you want the user account to reside.
    The partition you select in this step is not the partition to which you want the user account to have access.
  19. From the
    Partition
    list in the upper-left corner of the screen, set the current partition to the partition in which the relevant user accounts reside.
  20. In the User Name column, click the user account name.
  21. For the
    Password
    setting:
    1. In the
      New
      field, type a password for the user account.
    2. In the
      Confirm
      field, type the password again.
      If the two passwords match, the BIG-IP system assigns the password to the user account. The user can log in to the system later and change this password.
  22. If you want to allow user access to the command line interface, then from the
    Terminal Access
    list, select a level of access.
    The advanced shell is only available for accounts with the Administrator or Resource Administrator user role.
  23. If you want to change the user's access to the command line interface, then from the
    Terminal Access
    list, select a level of access.
    The advanced shell is only available for accounts with the Administrator or Resource Administrator user role.
  24. Click the
    Update
    button.
  25. Click the
    Unlock
    button.
  26. Click the
    Create
    button.
    If the
    Create
    button is unavailable, you do not have permission to create a local user account. You must have the Administrator or User Manager role assigned to your user account in order to create a local user account.
  27. Click the
    Finished
    button.
  28. For the
    Partition Access
    setting:
    1. From the
      Role
      list to select a user role.
    2. From the
      Partition
      list, select a partition name.
    3. Click the
      Add
      button.
      A user role pertaining to a partition now appears in the box.
    4. Repeat these steps for each partition to which you want to assign a role for this user.
    Granting partition access to a BIG-IP user account
    Sample partition access configuration for a BIG-IP user
    After you configure this setting, one or more role-partition combinations are specified for assignment to this user account.
  29. To change the user's password, locate the
    Password
    setting and replace the existing password in the
    New
    and
    Confirm
    fields with the new password.
  30. In the user account list, find the user account you want to view and click the account name. This displays the properties of that user account.
  31. To modify a user's role and partition access, do any of the following:
    1. To add a role for a partition, from the
      Role
      list select a role, and from the
      Partition
      list, select a partition. Then click the
      Add
      button.
      The new role-partition entry appears in the
      Partitian Access
      box.
    2. To modify a role or partition, in the
      Partition Access
      box, select the role-partition entry you want to modify, and click the
      Edit
      button. Then from the
      Role
      or
      Partition
      list, select a new role or partition. Then click the
      Add
      button.
    3. To delete a role-partition entry, in the
      Partition Access
      box, select the role-partition entry you want to delete, and click the
      Delete
      button.
    You can add, modify, or delete only those role-partition entries that you are authorized to manage based on your own user role and partition access.