Applies To:
Show VersionsBIG-IQ Centralized Management
- 5.3.0
About users, user groups, and roles
A user is an individual to whom you provide resources. You provide access to users for specific BIG-IQ® system functionality through authentication. You can associate a user with a specific role, or associate a user with a user group and then associate the group with a role.
A role is defined by its specific privileges.
A user group is a group of individuals who have access to the same resources. When you associate a role with a user or user group, that user or user group is granted all of the role's corresponding privileges.
User roles in the Access configuration workflow
Access configuration workflow with possible user roles
User roles in the reporting configuration workflow
Reporting workflow with possible user roles
Adding a BIG-IQ user
Creating a user group
You create a user group to offer individual users access to the same resources.
User role access descriptions
The table lists standard BIG-IQ® system user roles you might need to assign to your users, depending on their responsibilities in working with Access.
Role | Role Description / Access |
---|---|
Access Auditor | This role provides access to BIG-IQ® Access reports. |
Access Deployer | This role has deploy access to Access configuration objects. This role cannot discover and edit devices or policies. |
Access Editor | This role has edit access to Access configuration objects. This role cannot discover and deploy devices or policies. This role includes the ability to add, update, and delete pools and pool members from the Access configuration object editor. |
Access Manager | This role has deploy and edit access to Access configuration objects, and has access to Access Reports and Dashboard. This role cannot add or remove devices and device groups, and cannot discover, import or delete services. |
Access Viewer | This role has view-only access to Access configuration objects and tasks for Access devices that have been discovered. This role cannot edit, discover, or deploy devices or policies. |
ADC Deployer | This role has deploy access to ADC configuration objects. This role cannot discover and edit devices or configuration objects. At deployment, Access notifies you if it finds changes in ADC that you must deploy first, |
ADC Editor | This role has edit access to ADC configuration objects. A user needs this role to be able to edit or create a self-IP address or a route domain and to view other ADC configuration objects. This role includes the ability to add, update, and delete pools and pool members from ADC; however, you can configure pools and pool members within Access without having this role. |
ADC Manager | This role manages the ADC module with full privilege. This role works for a user who needs to: Deploy ADC; edit or create a self-IP address or a route domain; view other ADC configuration objects. This role includes the ability to add, update, and delete pools and pool members from ADC; however, you can configure pools and pool members within Access without having this role. |
ADC Viewer | This role permits read-only access to the ADC module. A user who needs to view configuration objects from ADC needs this role. |
Trust Discover Import | This role can add and delete devices, discover services and import them, and remove services. |
Administrator | This role has access to all aspects of the BIG-IQ system, which can include BIG-IQ Security, BIG-IQ System, and BIG-IQ ADC management. This access includes areas involved in adding individual users, assigning roles, device discovery, installing updates, activating licenses, and configuring a BIG-IQ high availability (HA) configuration. |