Applies To:Show Versions
BIG-IQ Centralized Management
Managing Device Permissions
About permissions management
The ability to manage resources located on BIG-IP® devices using BIG-IQ® ADC is controlled by the permissions settings associated with your user role. Users with the role of Administrator can set permissions for any role.
Permissions for managing objects follow a fine-grained, role-based access control (RBAC) model. This means that you can grant read, write, create, and delete permissions for a device, a virtual server, a pool, or a node. So for example, a user might be given the ability to make revisions to the settings for a virtual server, but the ability to deploy those changes to the managed device is reserved for the Administrator. Or, you can grant authorization to make changes to one type of managed object (Pools, for instance), but reserve the authorization for other object types. Finally, you might choose to grant authorization to view or make changes on one object (for example, Pool 1), but reserve the authorization for other objects at that same level (for example, Pools 2 - 20).
Revising managed object permissions
- Log in to BIG-IQ ADC with the administrator user name and password.
At the top of the screen, click Configuration, and then
click Editing View.
The Devices panel displays the list of devices that the BIG-IQ system is currently managing, along with the configuration objects on those devices. This view displays the objects and settings currently configured on the managing BIG-IQ system. Only configuration objects for which you have Read or Read/Write permissions are displayed.
On the panel that corresponds to the type of object you want to change, hover
over the object you want to view, click the icon, and then
select Properties to access the configuration settings
that have been imported for this object.
The properties screen for the selected object opens.
Click the icon, and then select
Properties to access the configuration settings that
have been imported for this object.
The properties for the selected object are displayed.
- Click Permissions to access the permissions settings that have been imported for this object.
In the Role field, type the name of the role to which
you want to assign permissions, and then click Read or
Read/Write as appropriate.
Important: Before you can you can specify permissions for a role, that role must already exist. (In BIG-IQ System under Access Control, you can create a role using the Roles panel.
- To grant permissions to another role, click the add (+) icon. To remove a role to which you have granted permissions, click the remove (x) icon.
When you are satisfied with the changes you have made, click
The permissions changes are made, and the screen for the selected object closes.