Account Roles
Roles in F5 Distributed Cloud Console (F5XC)
To access F5 Distributed Cloud App Infrastructure Protection (AIP) via F5 Distributed Cloud Services (F5XC), you must be a tenant owner of at least one namespace OR have one of the following roles in the system namespace:
- ves-io-monitor-role
- ves-io-admin-role
- ves-io-power-developer-role
- f5xc-aip-admin
- f5xc-aip-user
- f5xc-aip-monitor
If you are not a tenant owner, you must also have one of the following roles in the default namespace OR any namespace associated with Distributed Cloud AIP:
- f5xc-aip-admin
- f5xc-aip-user
- f5xc-aip-monitor
The f5xc-aip role you hold determines your role in Distributed Cloud AIP, as follows:
- f5xc-aip-admin in F5XC becomes Owner in Distributed Cloud AIP
- f5xc-aip-user in F5XC becomes User in Distributed Cloud AIP
- f5xc-aip-monitor in F5XC becomes Reader in Distributed Cloud AIP
For more information about roles in F5XC, see Roles.
Important
Please ensure one of the above f5xc-aip roles is assigned to the default namespace. An AIP role must be assigned in order to provide access to the AIP application itself. For more information about namespaces, see Namespaces in F5XC and Distributed Cloud AIP.
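The access rules above can be checked across a set of role bindings. The following is an added example, not F5 code: a Python audit that reports whether an account can reach Distributed Cloud AIP, which AIP role it maps to, and which assignments are missing. The account dictionary layout, the `audit_account` function, the tenant-owner flag as a single boolean, and the `prod-aip` namespace are assumptions for illustration.

```python
# Added example: audit role bindings against the access rules on this page.
SYSTEM_NS_ROLES = {
    "ves-io-monitor-role", "ves-io-admin-role", "ves-io-power-developer-role",
    "f5xc-aip-admin", "f5xc-aip-user", "f5xc-aip-monitor",
}
AIP_ROLE_MAP = {"f5xc-aip-admin": "Owner", "f5xc-aip-user": "User",
                "f5xc-aip-monitor": "Reader"}
AIP_ROLES = set(AIP_ROLE_MAP)

def audit_account(account, aip_namespaces=()):
    """Return (has_access, aip_roles, findings) for one account.

    account (hypothetical layout): {"tenant_owner": bool,
    "roles": {namespace: set of role names}}. aip_namespaces names the
    namespaces associated with Distributed Cloud AIP besides "default".
    """
    roles = account.get("roles", {})
    findings = []
    # f5xc-aip roles held in default or in an AIP-associated namespace.
    granted = set()
    for ns in {"default", *aip_namespaces}:
        granted |= roles.get(ns, set()) & AIP_ROLES
    if not roles.get("default", set()) & AIP_ROLES:
        findings.append("no f5xc-aip role in default namespace")
    if account.get("tenant_owner"):
        has_access = True  # per the page, a tenant owner satisfies the access rule
    else:
        system_ok = bool(roles.get("system", set()) & SYSTEM_NS_ROLES)
        if not system_ok:
            findings.append("no qualifying role in system namespace")
        if not granted:
            findings.append("no f5xc-aip role in default or AIP namespace")
        has_access = system_ok and bool(granted)
    aip_roles = sorted(AIP_ROLE_MAP[r] for r in granted) if has_access else []
    return has_access, aip_roles, findings

# Constructed sample bindings; "prod-aip" is a made-up namespace name.
ACCOUNTS = {
    "alice": {"tenant_owner": False, "roles": {
        "system": {"ves-io-monitor-role"}, "default": {"f5xc-aip-admin"}}},
    "bob": {"tenant_owner": False, "roles": {"default": {"f5xc-aip-user"}}},
    "carol": {"tenant_owner": False, "roles": {
        "system": {"f5xc-aip-monitor"}, "prod-aip": {"f5xc-aip-monitor"}}},
    "dave": {"tenant_owner": True, "roles": {}},
}

if __name__ == "__main__":
    for name, acct in ACCOUNTS.items():
        print(name, audit_account(acct, aip_namespaces=("prod-aip",)))
```

An account holding f5xc-aip roles in more than one namespace is reported with every mapped AIP role, since the page does not say which one takes effect.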
Roles in Distributed Cloud AIP
Distributed Cloud AIP includes three possible roles for accounts in your organization. The permissions of each role below apply to both the Distributed Cloud AIP user interface (UI) and API:
- Owner – The Owner role invites new users to your organization, assigns roles to accounts, and can manage, revoke, and remove accounts. The Owner also has the same permissions as the User and the Reader roles.
- User – The User role can view, search, and edit all data entering Distributed Cloud AIP. The User can invite new users to your organization, but can only assign new users the User or Reader role, and cannot remove existing users' access.
- Reader – The Reader role can view all data entering Distributed Cloud AIP, but cannot make any changes to the data.