Last Modified: Sep 14, 2023
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6
Fixed In:
15.0.0
Opened: Aug 20, 2018
Severity: 3-Major
The existing AuthZ roles for Application Security are:
-- Application Security Administrator (aka ASA aka WASA)
-- Application Security Editor (aka ASE aka WASE)
ASA is an administrator role and has significant authority to make device-wide changes. On the other hand, ASE is very limited in capabilities.
ASOA will not be able to create or delete Virtual Servers or LTM policies in the GUI or in tmsh.
There is a specific demand for a role which can manipulate virtual server association for ASM, but is not an administrator.
You can use the ASA role to perform required tasks.
A new role was added, called Application Security Operations Administrator (aka ASOA), which can associate and disassociate ASM policies and Logging Profiles with Virtual Servers. ASOA will have the same capabilities as ASE. Additionally, on the 'Virtual Server :: Security :: Policies' GUI page, ASOA will be able to:
-- associate ASM policy with virtual server (which will implicitly create an LTM policy for the association).
-- disassociate ASM policy from virtual server (which will implicitly delete the associated L7 policy).
-- associate Logging Profile with virtual server.
-- disassociate Logging Profile from virtual server.
-- associate DoS Profile with virtual server.
-- disassociate DoS Profile from virtual server.
-- associate Bot Profile with virtual server.
-- disassociate Bot Profile from virtual server.
ASOA will also be able to associate and disassociate these policies/profiles from the 'Security :: Overview :: Summary' page. ASOA will have read access to the virtual server list and LTM policy list in both the GUI and tmsh. ASOA will also be able to modify the list of LTM policies associated with a virtual server in both the GUI and tmsh.