Last Modified: Dec 15, 2025
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 16.0.0, 16.0.0.1, 16.0.1
Fixed In:
16.1.0, 16.0.1.1, 15.1.1
Opened: Jun 16, 2020
Severity: 3-Major
In the GUI, when an account with the Application Security Administrator role creates a new ASM policy, the Policy Type is greyed out and the parent policy cannot be created.
The following actions are unavailable to accounts with the Application Security Administrator role:
-- Create parent policy.
-- Edit Inheritance Settings for parent policy.
-- Clone Policy, selecting policy type is disabled.
-- Editing the General Settings of parent policies via the GUI is also restricted, and was not fixed with this ID in v16.1.0 or later versions. That fix will be included in ID2185537.
-- Create a user account with the Application Security Administrator user role.
-- Use that account to log on to the GUI and try to create the parent policy.
There are two possible workarounds:
-- Have the Administrator or Resource Administrator create and edit a parent policy instead of the Application Security Administrator.
-- Create or edit the parent policy using tmsh or a REST call.
The Application Security Administrator role can now create the parent policy when required. However, this role is still unable to edit the General Settings of these parent policies through the GUI in versions v16.1.0 and upward. Please see ID2185537 for more details on this related issue.