Bug ID 705270: Web Application Manager, Editor and Security Manager roles do not have permissions to accept central policy builder suggestions for a policy

Last Modified: Feb 22, 2018

Bug Tracker

Affected Product:  See more info
BIG-IQ Web App Security (ASM)(all modules)

Fixed In:
6.0.0, 5.4.0

Opened: Feb 04, 2018
Severity: 3-Major

Symptoms

Some users receive a 403 Not Authorized error when attempting to manually accept a policy suggestion generated by the Central Policy Manager.

Impact

Non-privileged users cannot manually accept central policy builder suggestions.

Conditions

This happens for users with the role of Web Application Manager, Web Application Editor, or Security Manager.

Workaround

Provide users with Administrator role access to manually accept these suggestions.

Fix Information

After installing this fix, you must: 1) Note/record the built-in role names for each of your users and user groups. 2) Execute the /usr/bin/rbac-reset command on each BIG-IQ console device, so that roles are regenerated with the proper access privileges. 3) After the system is back up, add the users and groups back to the built-in roles saved in step 1. Users with the role of Web Application Manager, Web Application Editor, or Security Manager can now manually accept policy suggestions from the central policy manager.

Behavior Change