Last Modified: May 29, 2024
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 16.0.0, 16.0.0.1, 16.0.1
Fixed In:
16.1.0, 16.0.1.1, 15.1.1
Opened: Jun 16, 2020 Severity: 3-Major
In the GUI, for the Application Security Administrator role, when you create a new ASM policy, the Policy Type is greyed out and the parent policy cannot be created
The following actions are restricted to accounts with roles Application Security Administrator: -- Create/Edit parent policy. -- Edit Inheritance Settings for parent policy. -- Clone Policy, selecting policy type is disabled.
-- Create user account with the Application Security Administrator user role. -- Use that account to logon to the GUI and try to create/edit the parent policy.
There are two possible workarounds: -- Have the Administrator or Resource Administrator create a parent policy instead of the Application Security Administrator. -- Create parent policy using tmsh or REST call.
The Application Security Administrator role can now create the parent policy when required.