Bug ID 430793: Software Checks configuration cannot be created for certain role based access controls

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.4.0, 11.4.1

Fixed In:
11.5.0, 11.4.1 HF2, 11.4.0 HF4

Opened: Sep 16, 2013

Severity: 3-Major

Related Article: K14904

Symptoms

Create a new partition on bigip and a new user and give this user a 'manager' role to access this partition. This user can create new access policy in APM but it cannot add new software check agents (antivirus, firewall, peer-to-peer, windows HD encryption, health agent, patch management and anti-spyware) to that access policy from VPE (or tmsh). VPE throws following error: "Server request for 'addItemDialogout' is failed: Request status=500" tmsh throws error something like this: Access Denied: user (rbacUser) does not have create access to object (agent_endpoint_check_software_item)

Impact

Partition manager user cannot create software check agents.

Conditions

BIGIP v11.4.0, v11.4.1

Workaround

None

Fix Information

Fixed issue when creating AV/FW configurations that caused 'access denied' error.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips