Administrator
--> This is the most powerful user role on the system and grants users complete access to all objects on the system.
--> Users with this role cannot have other user roles on the system.
--> This role has access to all the partitions on the Big IP system and it cannot be changed.
--> Users with this role can be provided with Advanced Shell access and TMSH access on BIG IP System.
--> Administrator role users can change their own passwords on the Big IP system.
Resource Administrator
--> This role grants a user full access to all objects on the system except BIG-IP user accounts.
--> This role does not allow to modify user accounts on the BIG-IP system.
--> Users with this role cannot have other user roles on the system.
--> Users with this role can be provided with Advanced Shell access and TMSH access on BIG IP System.
--> This role has access to all the partitions on the Big IP system and it cannot be changed.
--> Administrator role users can change their own passwords on the Big IP system.
User Manager
--> The role is useful to manage the user accounts on the BIG IP system.
--> The role allows the user to create/modify/delete user accounts and assign them to the specific partition.
--> The role allows the user to modify the other user's password as well as terminal access permission.
--> Users with this role can be provided with only TMSH access on BIG IP System.
--> This role allows the user to have access to the specific partitions or All partitions on the Big IP system.
--> The role allows the user to change its own password.
Manager
--> The role is useful to manage the LTM objects on the BIG IP system.
--> The role allows the user to create/modify/delete Virtual Servers, Pool members, Pools, Nodes, Monitors, and irules in the assigned partition.
--> Users with this role can be provided with only TMSH access on BIG IP System.
--> This role allows the user to have access to the specific partitions or All partitions on the Big IP system.
--> The role allows the user to change its own password.
Certificate Manager
--> The role is useful to manage the certificates related objects on the BIG IP system.
--> The role allows the user to create/modify/delete Certificates/Keys in the assigned partition.
--> Users with this role can be provided with only TMSH access on BIG IP System.
--> This role allows the user to have access to the specific partitions or All partitions on the Big IP system.
--> The role allows the user to change its own password.
irule Manager
--> The role is useful to manage the irules on the BIG IP system.
--> The role allows the user to create/modify/delete irules only but does not allow to assign/remove the irule from the virtual server on the BIG IP System.
--> Users with this role can be provided with only TMSH access on BIG IP System.
--> This role allows the user to have access to the specific partitions or All partitions on the Big IP system.
--> The role allows the user to change its own password.
Application Editor
--> The role is useful to manage the Specific LTM objects on the BIG IP system.
--> The role allows the user to create/modify/delete monitors/pools/pool members/nodes on the assigned partition.
--> Users with this role can be provided with only TMSH access on BIG IP System.
--> This role allows the user to have access to the specific partitions or All partitions on the Big IP system.
--> The role allows the user to change its own password.
Acceleration Policy Editor
--> The role is useful to manage the Acceleration Policies/Objects on the BIG IP system.
--> The role allows the user to create/modify/delete Acceleration Policies/Profiles on the Big IP System.
--> Users with this role can be provided with only TMSH access on BIG IP System.
--> This role allows the user to have access to the All partitions on the Big IP system.
--> The role allows the user to change its own password.
Firewall Manager
--> The role is useful to manage the AFM objects on the BIG IP system.
--> The role allows the user to create/modify/delete Firewall rules and objects on the assigned partition.
--> Users with this role can be provided with only TMSH access on BIG IP System.
--> This role allows the user to have access to the specific partitions or All partitions on the Big IP system.
--> The role allows the user to change its own password.
Application-Specific Administrator
--> This user role allows full access to the ASM module on the Big IP System.
--> Users with this role cannot have other user roles on the system.
--> This role has access to all the partitions on the Big IP system and it cannot be changed.
--> Users with this role can be provided with TMSH access on BIG IP System.
--> This role can only be assigned if the ASM module is provisioned on the BIG IP System.
Application Security Editor
--> This user role allows access to Most of the parts in the ASM module on the Big IP System.
--> Users with this role cannot have other user roles on the system.
--> This role has access to all the partitions or specific partitions on the Big IP system and it cannot be changed.
--> Users with this role can be provided with TMSH access on BIG IP System.
--> This role can only be assigned if the ASM module is provisioned on the BIG IP System.
--> The role does not allow the user to change its own password.
Fraud Protection Manager
--> This user role allows the access to Fraud Protection Service on the Big IP System.
--> This role has access to all the partitions or specific partitions on the Big IP system and it cannot be changed.
--> Users with this role can be provided with TMSH access on BIG IP System.
--> The role does not allow the user to change its own password.
Operator
--> This user role allows the user to enable/disable Pool members/nodes on the BIG IP system.
--> This role has access to all the partitions or specific partitions on the Big IP system and it cannot be changed.
--> Users with this role can be provided with TMSH access on BIG IP System.
--> The role does not allow the user to change its own password.
Auditor
--> This user role allows the user to have full read-only access except support tools/SSL Certificates and archives on the BIG IP system.
--> This role has access to all the partitions or specific partitions on the Big IP system and it cannot be changed.
--> Users with this role can be provided with TMSH access on BIG IP System.
--> The role does allow the user to change its own password.
Guest
--> This user role allows the user to have full read-only access except support tools/SNMP Configurations/logs and archives on the BIG IP system.
--> This role has access to all the partitions on the Big IP system and it cannot be changed.
--> Users with this role can be provided with TMSH access on BIG IP System.
--> The role does allow the user to change its own password.
No Access
--> Users with role have No access to BIG IP System.
Reference: F5.com.
MD.Kareemoddin,
CCIE # 54759
Super Duper Explanation
ReplyDelete