A local user account (Users) on the BIG-IP device is assigned the User Manager role. User1 attempts to modify the properties of another account (User2), but the action fails. The BIG-IP Administrator can successfully modify the User2 account. Assuming the principle of least privilege, what is the correct way to allow User1 to modify User2 properties? (Choose one answer)

A. Move User2 to the same partition as User1
B. Grant User administrator privileges
C. Move User1 to the same partition as User2
D. Modify the partition access for User1

Correct Answer: D

Brave-Dump Clients Votes

D 100%

Comments

Anonymous User 2026-01-17 20:31:39

Selected Answers: D

The correct way to allow User1 (with User Manager role) to modify User2's properties, while adhering to least privilege, is to Modify the partition access for User1 (D), specifically by granting User1 access to the partition where User2 resides, ensuring User1's role within that partition permits user management, as roles and management rights are partition-specific on BIG-IP, not global.
Here's why:
BIG-IP Partitioning: BIG-IP uses partitions to segregate configuration objects, including user accounts; a user's permissions (role) are tied to the partition they are working in.
User Manager Role: This role allows managing users within the assigned partition, but User1 lacks access to User2's partition.
Why other options are wrong:
A & C (Moving Users): Changing partitions for the users might work but isn't the most precise fix for User1's permissions; it changes the structure unnecessarily.
B (Admin Privileges): Granting administrator privileges violates the principle of least privilege, giving User1 far more power than needed.