F5 Logo MyF5
Search
  1. MyF5 Home
  2. Knowledge Centers
  3. BIG-IP LTM
  4. BIG-IP TMOS: Implementations
  5. Configuring Administrative Partitions to Control User Access
Manual Chapter : Configuring Administrative Partitions to Control User Access

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 12.1.4, 12.1.3, 12.1.2, 12.1.1, 12.1.0

BIG-IP APM

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1, 12.1.0

BIG-IP Analytics

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1, 12.1.0

BIG-IP Link Controller

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1, 12.1.0

BIG-IP LTM

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1, 12.1.0

BIG-IP AFM

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1, 12.1.0

BIG-IP PEM

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1, 12.1.0

BIG-IP DNS

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1, 12.1.0

BIG-IP ASM

  • 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1, 12.1.0
Manual Chapter
Table of Contents | << Previous Chapter | Next Chapter >>

Configuring Administrative Partitions to Control User Access

Overview: Administrative partitions for user access control

The BIG-IP® system includes a powerful authorization feature known as administrative partitions. Using the administrative partitions feature, you ensure that BIG-IP system grants administrative users exactly the right type and amount of access to BIG-IP system resources. As a result, you can tailor user access to resources to exactly fit the needs of your organization.

Task summary

There are two main tasks for controlling user access to BIG-IP® system objects.

Task list

Creating an administrative partition

You perform this task to create an administrative partition. An administrative partition creates an access control boundary for users and applications.

  1. On the Main tab, expand System and click Users.
    The Users List screen opens.
  2. On the menu bar, click Partition List.
  3. Click Create.
    The New Partition screen opens.
  4. In the Partition Name field, type a unique name for the partition.
    An example of a partition name is Spanned_VIP.
  5. Type a description of the partition in the Description field.
    This field is optional.
  6. For the Device Group setting, choose an action:
    Action Result
    Retain the default value. Choose this option if you want the folder corresponding to this partition to inherit the value of the device group attribute from folder root.
    Clear the check box and select the name of a device group. Choose this option if you do not want the folder corresponding to this partition to inherit the value of the device group attribute from folder root.
  7. For the Traffic Group setting, choose an action:
    Action Result
    Retain the default value. Choose this option if you want the folder corresponding to this partition to inherit the value of the traffic group attribute from folder root.
    Clear the check box and select the name of a traffic group. Choose this option if you do not want the folder corresponding to this partition to inherit the value of the traffic group attribute from folder root.
  8. Click Finished.
The new partition appears in the partition list.

Assigning roles to a user account

Before performing this task, ensure that you have a user role of Administrator or that you have a role of User Manager for the relevant partition.

You perform this task to change the user roles that are assigned to a user account. You can assign a different role for each partition to which the user has access. By default, the user role that the BIG-IP® system assigns to a user account on each partition is No Access.

Important: If you are performing this task while the user is logged into the system through tmsh, the BIG-IP system terminates the user's tmsh session when the user subsequently issues another tmsh command. This behavior ensures that the user is notified of the change in permissions and that data integrity is maintained.
  1. Access the BIG-IP ® Configuration utility.
  2. In the upper-left corner of the screen, confirm that the Partition list is set to the partition in which the user account that you want to modify resides.
  3. On the Main tab, click System > Users .
    The BIG-IP system displays the list of user accounts that reside in the current partition and in partition Common. Note that all users except those with a user role of No Access have at least read access to partition Common.
  4. In the User Name column, click the user account name.
  5. For the Partition Access setting:
    1. From the Role list to select a user role.
    2. From the Partition list, select a partition name.
    3. Click the Add button.
      A user role pertaining to a partition now appears in the box.
    4. Repeat these steps for each partition to which you want to assign a role for this user.
    Sample partition access configuration for a BIG-IP user

    Granting partition access to a BIG-IP user account

    After you configure this setting, one or more role-partition combinations are specified for assignment to this user account.
  6. Click the Update button.
Table of Contents | << Previous Chapter | Next Chapter >>
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5 Networks, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information