Welcome to another tutorial for the F5 Networks Management Pack. In this video I’m going to cover the Authorization Roles feature in the latest release of the F5 Networks Management Pack. Now once you have the product installed, everything should appear as normal, but if we go to the Administration area and look under Security, User Roles, you will notice three new profiles created. Now these user roles are just examples of how we have set up our authorization to work.
If you open up any of these, what you will see is the listed members. In this case I don’t have any defined yet because it’s a fresh installation. But it will give a description of what the user role is. And if we look at the tasks, it will let you know which tasks the user is privileged to. Now in this case this is the configuration operator; you will have access to things such as enable, disable pool member, and disable virtual servers, as well as this task down here, which is called Authorized for F5 Device Configuration.
And this here is actually the important task that needs to be added. It does not actually do anything, but our service runs this task as the user in order to verify that the user is able to actually run configuration operations. So that being said, I can then go back here and add a user. Now this MP test configuration user is holding privilege enough to be able to run configuration tasks.
Now along those same lines we have two other dummy tasks set up, one for discovery. If we look at discovery here, our user role has the tasks defined for discovery-type operations. And this task here, Authorized for F5 Device Discovery, is the important dummy task. This needs to be added to a user’s role in order for them to be able to discover a device.
Now Advanced Operators, and I think even just generally operators, will have access to all the tasks by default. But say you wanted to lock down what a user can do, this would be the way to do it. Now I have also included inside this example user role other discovery tasks such as remove device, rediscover, device configuration and so forth.
And the last user role and dummy task that we have added is Big IP Administrator, as we call it. And the dummy task associated with this is actually Authorize for Device Big3D Update. Now this is the task that corresponds with updating the actual Big3D on the device. So when you first discover a device with the management pack, we require that you push out the updated copy of Big3D, which will return stats and configuration updates. So you wouldn’t want to necessarily assign this task to any regular user; you would want only administration people with Big IP or F5 device administration rights.
So going along with that, if you were to go back here and actually discover a device and the user was not authorized for discovery, you would go through here, type in your device information, et cetera. And once I click discover, it would actually stop and say you are not authorized to do this. Same thing if you were to click this box and say, “Oh, I want to authorize Big3D update”; it would actually fail and say, “No, the user is not authorized to do this.”
So that pretty much covers everything with this latest feature. If ever you have any questions, feel free to visit the forums and post complaints and concerns. Otherwise watch for our next tutorial.
Transcription by:
Scribe4you Transcription Services