auth user
auth user(1) BIG-IP TMSH Manual auth user(1)
NAME
user - Configures user accounts for the BIG-IP(r) system.
MODULE
auth
SYNTAX
Modify the user component within the auth module using the syntax shown
in the following sections.
CREATE/MODIFY
create user [name]
modify user [name]
options:
description [text...]
partition-access [add | modify | delete |replace-all-with { [partition-name] { role [role-name] } } ]
password [text]
prompt-for-password
shell [name]
where [role-name]: [acceleration-policy-editor | admin | fraud-
protection-manager |
application-editor | auditor | certificate-manager |
firewall-manager | guest | irule-manager | manager |
no-access | operator | resource-admin | user-manager |
web-application-security-administrator |
web-application-security-editor]
DISPLAY
list user
list user [ [ [name] | [glob] | [regex] ] ... ]
show running-config user
show running-config user [ [ [name] | [glob] | [regex] ] ... ]
options:
encrypted-password
one-line
partition
show user
options:
field-fmt
DELETE
delete user [name]
DESCRIPTION
You can create user accounts where the user names differ only by case-
sensitivity (for example, david and DAVID).
You can configure the partition-access property to grant a user access
to more than one partition on the system. In the case where you do not
grant the user access to all partitions, you can assign the user a
different user role for each partition. A user can have only one role
per partition. Any user with a role of Administrator, Resource
Administrator, Web Application Security Administrator, or Auditor
always has access to all partitions and can have no other role on the
system.
Only users with the Administrator or User Manager roles are allowed to
create or modify user accounts.
Additionally, only users with the Administrator, Resource
Administrator, or User Manager user role can view all of the user
accounts in all of the partitions to which the user has access.
Therefore, if you have a user role other than one of these roles, you
can only view your own user account.
EXAMPLES
create user nwinters partition-access add { all-partitions { role guest
} }
Creates a new user named nwinters with a role of Guest in all
partitions.
create user tknox password aBcD007 partition-access add { partition1 {
role operator } }
Creates a new user named tknox with a role of operator in partition
named partition1 and sets the user's login password.
list user
Displays the viewable properties of all user accounts.
show user
Displays each user role and the corresponding partition access that is
currently assigned to the user.
OPTIONS
description
Describes the user account in free form text.
encrypted-password
Displays the encrypted password for the user account.
glob Displays the items that match the glob expression. See help glob
for a description of glob expression syntax.
name Specifies a unique name for the component. This option is required
for the commands create and modify.
Note: User account names are case-sensitive.
partition
Displays the name of the administrative partition in which the
user account resides.
partition-access
Specifies the administrative partitions to which the user
currently has access. Note that in addition to these partitions,
the user also has read access to the shared partitions Common and
Root. An exception to this is any user with the role No Access.
role Specifies the user role that pertains to the partition specified
by the partition-access property. If you do not want to assign a
user role to the user account, specify the value no-access. This
prevents the user from accessing the system.
password
Sets the user password during creation or modification of a user
account without prompting or confirmation. May not be used with
prompt-for-password. Passwords are hidden in log and history
files.
prompt-for-password
Indicates that when the account is created or modified, the BIG-IP
system prompts the administrator or user manager for both a
password and a password confirmation for the account.
regex
Displays the items that match the regular expression. The regular
expression must be preceded by an at sign (@[regular expression])
to indicate that the identifier is a regular expression. See help
regex for a description of regular expression syntax.
shell
Specifies the shell to which the user has access. Valid values
are:
bash Provides an unrestricted system prompt. You can assign access
to the bash shell only to users with the Administrator or
Resource Administrator role. However, F5 Networks recommends
that you do not give bash shell access to users with the
Resource Administrator user role unless they use the tcpdump,
ssldump, or qkview utilities, or if they manage certificate
and key files using the console. Instead, F5 Networks
recommends that you give these users tmsh access.
none Specifies no shell access. The user must use the
Configuration utility.
tmsh Provides access to the Traffic Management shell.
SEE ALSO
auth partition, auth password, create, delete, list, modify, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2010, 2012-2016. All rights
reserved.
BIG-IP 2016-03-14 auth user(1)