Manual Chapter : Common elements file for remote role groups

Applies To:

BIG-IP AAM

  • 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP APM

  • 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP Analytics

  • 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP Link Controller

  • 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP LTM

  • 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP PEM

  • 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP AFM

  • 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP DNS

  • 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP ASM

  • 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
Common elements file for remote role groups

  1. On the Main tab, click System > Users.
  2. On the menu bar, click Remote Role Groups.
  3. Click Create.
  4. In the Group Name field, type the group name that is defined on the remote authentication server.
    An example of a group name is BigIPOperatorsGroup.
  5. In the Line Order field, type a number.
    This value specifies the order of this access control configuration in the file /config/bigip/auth/remoterole for the named group. The LDAP and Active Directory servers read this file line by line. The order of the information is important; therefore, F5 Networks recommends that you specify a value of 1000 for the first line number. This allows you, in the future, to insert lines before the first line.
  6. In the Attribute String field, type an attribute.
    An example of an attribute string is memberOF=cn=BigIPOperatorsGroup,cn=users,dc=dev,dc=net.
    The BIG-IP system attempts to match this attribute with an attribute on the remote authentication server. On finding a match, the BIG-IP system applies the access control settings defined here to the users in that group. If a match is not found, the system applies the default access control settings to all remotely-stored user accounts (excluding any user account for which access control settings are individually configured).
  7. From the Remote Access list, select a value.
    Enabled: Choose this value if you want to enable remote access for the defined user group.
    Disabled: Choose this value if you want to disable remote access for the defined user group. Note that if you configure multiple instances of this remote role group (one instance for each role-partition pair for the attribute string), then choosing a value of Disabled disables remote access for all user group members, regardless of the remote role group instance.
  8. From the Assigned Role list, select a user role for the remote user group.
  9. From the Partition Access list, select an administrative partition value.
    All: Choose this value to give users in the defined group access to their authorized objects in all partitions on the BIG-IP system.
    partition_name: Choose a specific partition name to give users in the defined group access to that partition only.
    Common: Choose this value to give users in the defined group access to partition Common only.
  10. From the Terminal Access list, select the type of command-line access you want to grant users in the group, if any.
  11. Click Finished.
  12. Click Finished or Repeat.
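
The following review script is an added example, not F5 code. It checks a planned set of remote role group entries against three points from the steps above: ambiguous line order, a Disabled instance overriding Enabled instances of the same attribute string, and a first line order below the recommended 1000. The entry names, the dictionary field names, and the partition name app_partition are hypothetical, and the sample data is constructed rather than read from a BIG-IP system.

```python
from collections import defaultdict

RECOMMENDED_FIRST_LINE = 1000  # value the procedure recommends for the first entry

# Constructed sample entries (hypothetical; field names mirror the form fields).
SAMPLE = [
    {"group": "BigIPOperatorsGroup", "line_order": 1000,
     "attribute": "memberOF=cn=BigIPOperatorsGroup,cn=users,dc=dev,dc=net",
     "remote_access": "Enabled", "partition": "Common"},
    {"group": "BigIPOperatorsGroup-app", "line_order": 1001,
     "attribute": "memberOF=cn=BigIPOperatorsGroup,cn=users,dc=dev,dc=net",
     "remote_access": "Disabled", "partition": "app_partition"},
    {"group": "BigIPAuditGroup", "line_order": 1001,
     "attribute": "memberOF=cn=BigIPAuditGroup,cn=users,dc=dev,dc=net",
     "remote_access": "Enabled", "partition": "All"},
]

def audit(entries):
    """Return sorted (check, detail) findings for a list of role-group entries."""
    findings = []
    by_order, by_attr = defaultdict(list), defaultdict(list)
    for e in entries:
        by_order[e["line_order"]].append(e["group"])
        by_attr[e["attribute"]].append(e)
    # Order matters, so two entries sharing a line order is ambiguous.
    for order, groups in by_order.items():
        if len(groups) > 1:
            findings.append(("duplicate-line-order",
                             f"{order}: {', '.join(sorted(groups))}"))
    # One Disabled instance disables remote access for every instance
    # of the same attribute string.
    for attr, insts in by_attr.items():
        states = {i["remote_access"] for i in insts}
        if states == {"Enabled", "Disabled"}:
            hit = sorted(i["group"] for i in insts
                         if i["remote_access"] == "Enabled")
            findings.append(("enabled-overridden-by-disabled", ", ".join(hit)))
    # Starting below the recommended value leaves less room to insert earlier lines.
    if entries and min(by_order) < RECOMMENDED_FIRST_LINE:
        findings.append(("first-line-below-recommended", str(min(by_order))))
    return sorted(findings)

if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(f"{check}: {detail}")
```

Treating a duplicated line order as a finding is a review heuristic of this example, not a documented BIG-IP validation rule.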