Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IQ Platform
Known Affected Versions:
5.4.0, 6.0.1, 6.0.1.1, 6.0.1.2, 6.1.0, 7.0.0, 7.0.0.1, 7.0.0.2, 7.1.0, 7.1.0.1, 7.1.0.2, 7.1.0.3, 7.1.6, 7.1.6.1, 7.1.7, 7.1.7.1, 7.1.7.2, 7.1.8, 7.1.8.1, 7.1.8.2, 7.1.8.3, 7.1.8.4, 7.1.8.5, 7.1.9, 7.1.9.7, 7.1.9.8, 7.1.9.9
Opened: Jun 26, 2019 Severity: 3-Major
Prior to BIG-IQ version 8.0.0, all RADIUS users were automatically members of a BIG-IQ RADIUS user group with no authorization attributes.
Beginning with BIG-IQ version 8.0.0, a newly created RADIUS user group must have at least one authorization attribute. Only users having all the group's authorization attributes will be members of the group. After you upgrade to BIG-IQ 8.0.0 or later, any existing RADIUS user groups without any authorization attributes will contain no members. They will therefore serve no purpose. All existing RADIUS users will have no authorization to access BIG-IQ functionality through the default membership in a group.
Create a RADIUS authentication provider and a RADIUS user group with no authorization attributes.
Create a user group with the necessary authorization attributes to provide users with permissions granted by the roles the group is in. A user associated with the Administrator role can make these changes to the RADIUS authentication provider (user groups).
None
Prior to BIG-IQ version 8.0.0, all RADIUS users were automatically members of a RADIUS user group with no authorization attributes. Beginning with BIG-IQ version 8.0.0, a newly created RADIUS user group must have at least one authorization attribute. Only users having all the group's authorization attributes will be members of the group. After you upgrade to BIG-IQ 8.0.0 or later, any existing RADIUS user groups without any authorization attributes will contain no members. They will therefore serve no purpose. All existing RADIUS users will have no authorization to access BIG-IQ functionality through the default membership in a group.