Bug ID 705270: Web Application Manager, Editor and Security Manager roles do not have permissions to accept central policy builder suggestions for a policy

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IQ Web App Security (ASM)(all modules)

Fixed In:
5.4.0 HF2

Opened: Feb 04, 2018

Severity: 3-Major

Symptoms

Some users receive a 403 Not Authorized error when attempting to manually accept a policy suggestion generated by the Central Policy Manager.

Impact

Non-privileged users cannot manually accept central policy builder suggestions.

Conditions

This happens for users with the role of Web Application Manager, Web Application Editor, or Security Manager.

Workaround

Provide users with Administrator role access to manually accept these suggestions.

Fix Information

After installing this fix, you must: 1) Note/record the built-in role names for each of your users and user groups. 2) Execute the /usr/bin/rbac-reset command on each BIG-IQ console device, so that roles are regenerated with the proper access privileges. 3) After the system is back up, add the users and groups back to the built-in roles saved in step 1. Users with the role of Web Application Manager, Web Application Editor, or Security Manager can now manually accept policy suggestions from the central policy manager.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips