auth user
auth user(1) BIG-IP TMSH Manual auth user(1)
NAME
user - Configures user accounts for the BIG-IP(r) system.
MODULE
auth
SYNTAX
Modify the user component within the auth module using the syntax shown in the following sections.
CREATE/MODIFY
create user [name]
modify user [name]
options:
description [text...]
partition-access [add | modify | delete |replace-all-with { [partition-name] { role [role-name] } } ]
password [text]
prompt-for-password
shell [name]
where [role-name]: [acceleration-policy-editor | admin | fraud-protection-manager |
application-editor | auditor | certificate-manager |
firewall-manager | guest | irule-manager | manager |
no-access | operator | resource-admin | user-manager |
web-application-security-administrator |
web-application-security-editor | web-application-security-operations-administrator]
DISPLAY
list user
list user [ [ [name] | [glob] | [regex] ] ... ]
show running-config user
show running-config user [ [ [name] | [glob] | [regex] ] ... ]
options:
encrypted-password
one-line
partition
show user
options:
field-fmt
DELETE
delete user [name]
DESCRIPTION
You can create user accounts where the user names differ only by case-sensitivity (for example, david and
DAVID).
You can configure the partition-access property to grant a user access to more than one partition on the
system. In the case where you do not grant the user access to all partitions, you can assign the user a
different user role for each partition. A user can have only one role per partition. Any user with a role of
Administrator, Resource Administrator, Web Application Security Administrator, or Auditor always has access to
all partitions and can have no other role on the system.
Only users with the Administrator or User Manager roles are allowed to create or modify user accounts.
Additionally, only users with the Administrator, Resource Administrator, or User Manager user role can view
all of the user accounts in all of the partitions to which the user has access. Therefore, if you have a user
role other than one of these roles, you can only view your own user account.
EXAMPLES
create user nwinters partition-access add { all-partitions { role guest } }
Creates a new user named nwinters with a role of Guest in all partitions.
create user tknox password aBcD007 partition-access add { partition1 { role operator } }
Creates a new user named tknox with a role of operator in partition named partition1 and sets the user's login
password.
list user
Displays the viewable properties of all user accounts.
show user
Displays each user role and the corresponding partition access that is currently assigned to the user.
OPTIONS
description
Describes the user account in free form text.
encrypted-password
Displays the encrypted password for the user account.
glob Displays the items that match the glob expression. See help glob for a description of glob expression
syntax.
name Specifies a unique name for the component. This option is required for the commands create and modify.
Note: User account names are case-sensitive.
partition
Displays the name of the administrative partition in which the user account resides.
partition-access
Specifies the administrative partitions to which the user currently has access. Note that in addition to
these partitions, the user also has read access to the shared partitions Common and Root. An exception to
this is any user with the role No Access.
role Specifies the user role that pertains to the partition specified by the partition-access property. If you
do not want to assign a user role to the user account, specify the value no-access. This prevents the
user from accessing the system.
password
Sets the user password during creation or modification of a user account without prompting or
confirmation. May not be used with prompt-for-password. Passwords are hidden in log and history files.
prompt-for-password
Indicates that when the account is created or modified, the BIG-IP system prompts the administrator or
user manager for both a password and a password confirmation for the account.
regex
Displays the items that match the regular expression. The regular expression must be preceded by an at
sign (@[regular expression]) to indicate that the identifier is a regular expression. See help regex for
a description of regular expression syntax.
shell
Specifies the shell to which the user has access. Valid values are:
bash Provides an unrestricted system prompt. You can assign access to the bash shell only to users with
the Administrator role.
none Specifies no shell access. The user must use the Configuration utility.
tmsh Provides access to the Traffic Management shell. Resource Administrator user role can use the
tcpdump, ssldump, or qkview utilities within tmsh shell (run /util ). Other user roles may
be given this shell, as appropriate.
SEE ALSO
auth partition, auth password, create, delete, list, modify, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2010, 2012-2016. All rights reserved.
BIG-IP 2018-12-26 auth user(1)