Bug ID 1018145: Firewall Manager user role is not allowed to configure/view protocol inspection profiles

Last Modified: Sep 23, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1

Fixed In:
15.1.4

Opened: May 12, 2021
Severity: 3-Major

Symptoms

A user account with the "firewall-manager" role that is assigned permissions only to custom partitions will not be able to configure protocol inspection profiles.

Impact

Any user account without access to "/Common" partition is not allowed to configure protocol inspection profiles.

Conditions

-- A user account is created with the role firewall-manager. -- A custom partition is created. -- The newly created user is given access to the newly created partition.

Workaround

- If the user account is provided access to "/Common" partition as well, the user should be able to configure protocol-inspection profiles in the newly created custom partitions.

Fix Information

The permissions are granted for any non-admin user to configure protocol inspection profiles in a custom partition as long as they have access to "/Common" partition as well.

Behavior Change