Manual Chapter : Common elements file for local user authorization

Applies To:

Show Versions

BIG-IP AAM

15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP APM

16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP Analytics

16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP Link Controller

16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP LTM

16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP PEM

16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP AFM

16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP DNS

16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP ASM

16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

Common elements file for local user authorization

From the vCMP host system prompt, type

vconsole guest_nameany_guest_slot_number

In this syntax, the variable any_guest_slot_number refers to any slot on which the guest is running. Note that for single-slot guests, the slot number is not required.

For example, you can type

vconsole guest_A 1

, where

represents slot 1 of the guest.

The system prompts you to enter a user name and password.

From the vCMP host, access the Bash shell by typing

vconsole guest_name

For example, you can type

vconsole guest_A

The system prompts you to enter a user name and password.

Type the

root

account and the password

default

The system logs you into the guest and displays the guest's system prompt.

At the prompt, determine the primary slot number by typing

tmsh show sys cluster

and locating the Primary Slot ID.

If the system output indicates that you are not currently logged into the primary slot of the cluster, type either

ssh primary

ssh slotprimary_slot_number

For example, if the primary slot is slot 2, you can type either

ssh primary

ssh slot2

Typing this command logs you into the primary slot of the cluster.

Type the command

tmsh modify auth user admin shell tmsh

This command grants

tmsh

access to the

admin

user account.

Type the command

tmsh modify

This command .

Type exit

Exit the vConsole utility by typing the key sequence

ctrl-]

This displays the prompt

telnet>

Type

At the Bash prompt, log out of the Linux system by typing

exit

, if necessary.

On the Main tab, click

System

Users

The BIG-IP system displays the list of user accounts that reside in the current partition and in partition

Common

. Note that all users except those with a user role of No Access have at least read access to partition

Common

On the Main tab, click

System

Users

User List

The BIG-IP system displays the list of user accounts that reside in the current partition and in partition

Common

. Note that all users except those with a user role of No Access have at least read access to partition

Common

In the user account list, locate the name of the account you want to unlock and select the check box to the left of the account name.

Access the BIG-IP Configuration utility.

In the upper-left corner of the screen, confirm that the

Partition

list is set to the partition in which the user account that you want to modify resides.

In the upper-left corner of the screen, from the

Partition

list, select the partition in which the user account that you want to unlock resides.

From the

Partition

list in the upper-left corner of the screen, set the current partition to the partition in which you want the user account to reside.

The partition you select in this step is not the partition to which you want the user account to have access.

From the

Partition

list in the upper-left corner of the screen, set the current partition to the partition in which the relevant user accounts reside.

In the User Name column, click the user account name.

For the

Password

setting:

In the

New

field, type a password for the user account.

In the

Confirm

field, type the password again.

If the two passwords match, the BIG-IP system assigns the password to the user account. The user can log in to the system later and change this password.

If you want to allow user access to the command line interface, then from the

Terminal Access

list, select a level of access.

The advanced shell is only available for accounts with the Administrator or Resource Administrator user role.

If you want to change the user's access to the command line interface, then from the

Terminal Access

list, select a level of access.

The advanced shell is only available for accounts with the Administrator or Resource Administrator user role.

Click the

Update

button.

Click the

Unlock

button.

Click the

Create

button.

If the

Create

button is unavailable, you do not have permission to create a local user account. You must have the Administrator or User Manager role assigned to your user account in order to create a local user account.

Click the

Finished

button.

For the

Partition Access

setting:

From the

Role

list to select a user role.

From the

Partition

list, select a partition name.

Click the

Add

button.

A user role pertaining to a partition now appears in the box.

Repeat these steps for each partition to which you want to assign a role for this user.

Sample partition access configuration for a BIG-IP user — Granting partition access to a BIG-IP user account

After you configure this setting, one or more role-partition combinations are specified for assignment to this user account.

To change the user's password, locate the

Password

setting and replace the existing password in the

New

and

Confirm

fields with the new password.

In the user account list, find the user account you want to view and click the account name. This displays the properties of that user account.

To modify a user's role and partition access, do any of the following:

To add a role for a partition, from the

Role

list select a role, and from the

Partition

list, select a partition. Then click the

Add

button.

The new role-partition entry appears in the

Partitian Access

box.

To modify a role or partition, in the

Partition Access

box, select the role-partition entry you want to modify, and click the

Edit

button. Then from the

Role

Partition

list, select a new role or partition. Then click the

Add

button.

To delete a role-partition entry, in the

Partition Access

box, select the role-partition entry you want to delete, and click the

Delete

button.

You can add, modify, or delete only those role-partition entries that you are authorized to manage based on your own user role and partition access.

Subscriptions

Product Usage

Trials

Registration Keys

Downloads

Applies To:

BIG-IP AAM

BIG-IP APM

BIG-IP Analytics

BIG-IP Link Controller

BIG-IP LTM

BIG-IP PEM

BIG-IP AFM

BIG-IP DNS

BIG-IP ASM

Common elements file for local user authorization

Have a Question?

About F5

Education

F5 Sites

Support Tasks

Subscriptions

Product Usage

Trials

Registration Keys

Downloads

Applies To:

BIG-IP AAM

BIG-IP APM

BIG-IP Analytics

BIG-IP Link Controller

BIG-IP LTM

BIG-IP PEM

BIG-IP AFM

BIG-IP DNS

BIG-IP ASM

Common elements file for local user authorization

Have a Question?

Follow Us

About F5

Education

F5 Sites

Support Tasks