« iControl Perl - Getting Started | Main | iControl Perl - Authentication »


iControl Perl - User Accounts

Figuring out what kind of user account your iControl script is going to require is about as simple as figuring out what rights a regular user is going to need. If your script is simply echoing back statistics or pools or pool member stats or virtual server configurations, you don't need a user account that is going to have Administrative rights to your BigIP. You can get away with "Auditor" rights for these types of scripts. They also will not require any special terminal rights since they are going to be executed remotely.

If your script is going to enable or disable nodes or pool members, "Operator" rights should be sufficient. The "Application Editor" role will give your script the ability to modify pools like setting weights, adding or deleting pool members, or modifying nodes and pools to attach monitors.

Operationally, it is tempting to just create an Administrative user that can do whatever it wants but I'd discourage that practice when you consider the security ramifications. You might, at some future point, want to distribute your scripts to junior members of your team but if you're embedding an Administrative account in your script, you may inadvertently be providing folks with the access that they shouldn't have so I encourage people to use an account that has the lowest privileges available to get the task done.

Other Posts in This Series

iControl Perl - Getting Started << Previous | Next >> iControl Perl - Authentication


TrackBack URL for this entry:

Listed below are links to weblogs that reference iControl Perl - User Accounts: