How to: Assign standard roles to users¶
You can customize user access to managed BIG-IP Next instances and application services by assigning role-based access based on job responsibilities. When you associate a role with a user (or a group of users), they have access only to areas of managed BIG-IP Next instances that you explicitly grant.
About assigning roles to a user¶
The responsibilities and roles of each of your users depends on the number of people who have access to BIG-IP Next Central Manager and managed BIG-IP Next instances. For example, if you have only two people managing BIG-IP Next Central Manager itself and all of your BIG-IP Next instances, they both would need to have full access to all aspects of both at one time or another. For these users, you’d assign them the Administrator role.
About assigning granular/specialized privileges to a user¶
On the other hand, if you’re working for a larger company that has specialized roles to manage different services, or different parts of services, you can provide more granular access. For example, if you have two people who manage BIG-IP Next instances; one who manages certificates and another only manages applications, you could assign the role of Certificate Manager and Application Manager respectively. In addition, a single user can be assigned mulitple user roles, as necessary to their required access privileges.
| Role | Privileges |
|---|---|
| Administrator | Full permission to create, view, update, and delete all objects and configurations on BIG-IP Next Central Manager and managed BIG-IP Next instances. |
| Instance Manager | Full permissions to manage BIG-IP Next instances including onboarding, instance discovers, creating backups, upgrading, licensing, and creating QKView reports. |
| Application Manager | Full permissions to create, view, update, and delete all objects associated with Applications, iRules, and migrations. Read-only permissions for all Application referenced objects (such as WAF policies, Access Policies,SSLO, and Certificates), Application-related events, traffic logs, and audit logs, Application-related alerts and notifications, and BIG-IP Next instances on the My Instances screen. |
| Certificate Manager | Full permission to create, view, update, and delete all objects associated with Certificates and Keys. |
| Security Manager | Full permission to create, view read, update, and delete all objects associated with WAF, Access, and SSLO. |
| Auditor | Read-only access for BIG-IP Next Central Manager. |
Procedure¶
Use the following procedure to assign a user to a role. You can assign multiple roles to a single user.
Log in to BIG-IP Next Central Manager.
Click the Workspace icon next to the F5 logo and then click System.
On the left, click Users.
Click the + Add button at the right.
The New User panel opens.Enter a Username and optional Display Name and Email Address.
Select Standard Role and the role you want to assign to this user.
Enter and confirm a Password.
Click the Add User button.