auth user
auth user(1) BIG-IP TMSH Manual auth user(1)
NAME
user - Configures user accounts for the BIG-IP(r) system.
MODULE
auth
SYNTAX
Modify the user component within the auth module using the syntax shown in the following sections.
CREATE/MODIFY
create user [name]
modify user [name]
options:
description [text...]
partition-access [add | modify | delete | replace-all-with { [partition-name] { role [role-name] } } ]
password [text]
prompt-for-password
shell [name]
session-limit [integer]
where [role-name]: [acceleration-policy-editor | admin | fraud-protection-manager |
application-editor | auditor | certificate-manager |
firewall-manager | guest | irule-manager | log-manager | manager |
no-access | operator | resource-admin | user-manager |
web-application-security-administrator |
web-application-security-editor | web-application-security-operations-administrator]
DISPLAY
list user
list user [ [ [name] | [glob] | [regex] ] ... ]
show running-config user
show running-config user [ [ [name] | [glob] | [regex] ] ... ]
options:
encrypted-password
one-line
partition
show user
options:
field-fmt
DELETE
delete user [name]
DESCRIPTION
You can create user accounts where the user names differ only by case (for example, david and DAVID).
You can configure the partition-access property to grant a user access to more than one partition on the system. In the
case where you do not grant the user access to all partitions, you can assign the user a different user role for each
partition. A user can have only one role per partition. Any user with a role of Administrator, Resource Administrator, Web
Application Security Administrator, or Auditor always has access to all partitions and can have no other role on the
system.
Only users with the Administrator or User Manager roles are allowed to create or modify user accounts.
Additionally, only users with the Administrator, Resource Administrator, or User Manager user role can view all of the user
accounts in all of the partitions to which the user has access. Therefore, if you have a user role other than one of these
roles, you can only view your own user account.
EXAMPLES
create user nwinters partition-access add { all-partitions { role guest } }
Creates a new user named nwinters with a role of Guest in all partitions.
create user tknox password aBcD007 partition-access add { partition1 { role operator } }
Creates a new user named tknox with a role of operator in the partition named partition1 and sets the user's login password.
list user
Displays the viewable properties of all user accounts.
show user
Displays each user role and the corresponding partition access that is currently assigned to the user.
OPTIONS
description
Describes the user account in free form text.
encrypted-password
Displays the encrypted password for the user account.
glob Displays the items that match the glob expression. See help glob for a description of glob expression syntax.
name Specifies a unique name for the component. This option is required for the commands create and modify.
Note: User account names are case-sensitive.
partition
Displays the name of the administrative partition in which the user account resides.
partition-access
Specifies the administrative partitions to which the user currently has access. Note that in addition to these
partitions, the user also has read access to the shared partitions Common and Root. An exception to this is any user
with the role No Access.
role Specifies the user role that pertains to the partition specified by the partition-access property. If you do not want
to assign a user role to the user account, specify the value no-access. This prevents the user from accessing the
system.
password
Sets the user password during creation or modification of a user account without prompting or confirmation. May not be
used with prompt-for-password. Passwords are hidden in log and history files.
prompt-for-password
Indicates that when the account is created or modified, the BIG-IP system prompts the administrator or user manager
for both a password and a password confirmation for the account.
regex
Displays the items that match the regular expression. The regular expression must be preceded by an at sign (@[regular
expression]) to indicate that the identifier is a regular expression. See help regex for a description of regular
expression syntax.
session-limit
Sets the SSH session limit per user. The range is -1 to 65535. The default value is -1, which disables the per-user
limit; SSH sessions are then controlled by ssh-max-session-limit or ssh-max-session-limit-per-user. When set to 0, the
user is not allowed to create any SSH sessions. Any other value is the maximum number of SSH sessions that the user can
create; ssh-max-session-limit takes precedence over this value.
shell
Specifies the shell to which the user has access. Valid values are:
bash Provides an unrestricted system prompt. You can assign access to the bash shell only to users with the
Administrator role.
none Specifies no shell access. The user must use the Configuration utility.
tmsh Provides access to the Traffic Management shell. Users with the Resource Administrator user role can use the
tcpdump, ssldump, or qkview utilities within the tmsh shell (run /util ). Other user roles may be given this shell, as
appropriate.
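The following added example (not part of the F5 manual) audits a saved user listing against the constraints stated on this page: bash only with the admin role, no second role alongside an all-partition role, and session-limit within -1 to 65535. The brace-nested layout of the listing, the account names, and the helper names field and audit are assumptions made for illustration.

```python
import re

# Roles the page says always span all partitions and exclude any other role.
GLOBAL_ROLES = {"admin", "resource-admin", "auditor",
                "web-application-security-administrator"}
USER_RE = re.compile(r"^auth user (\S+) \{$(.*?)^\}$", re.M | re.S)
ROLE_RE = re.compile(r"(\S+) \{\s+role (\S+)\s+\}")  # (partition, role)

# Constructed sample; the brace layout of `list user` output is an assumption.
SAMPLE = """\
auth user opsbot {
    partition-access {
        partition1 {
            role operator
        }
    }
    shell bash
}
auth user auditsvc {
    partition-access {
        all-partitions {
            role auditor
        }
        partition1 {
            role operator
        }
    }
    session-limit 70000
}
"""

def field(body, key, default):
    m = re.search(rf"^\s+{key} (\S+)$", body, re.M)
    return m.group(1) if m else default

def audit(text):
    """Map each account name to the documented constraints it breaks."""
    report = {}
    for name, body in USER_RE.findall(text):
        roles = dict(ROLE_RE.findall(body))
        issues = []
        if field(body, "shell", "") == "bash" and "admin" not in roles.values():
            issues.append("bash shell without admin role")
        if len(roles) > 1 and GLOBAL_ROLES & set(roles.values()):
            issues.append("all-partition role combined with another role")
        if not -1 <= int(field(body, "session-limit", "-1")) <= 65535:
            issues.append("session-limit outside -1..65535")
        report[name] = issues
    return report
```

Calling audit(SAMPLE) returns a dictionary keyed by account name; an empty list means the account breaks none of the three checks.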
SEE ALSO
auth partition, auth password, create, delete, list, modify, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2010, 2012-2016. All rights reserved.
BIG-IP 2020-12-04 auth user(1)