Bug ID 918081: Application Security Administrator role cannot create parent policy in the GUI

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
15.1.0,,,,,, 16.0.0,, 16.0.1

Fixed In:
16.1.0,, 15.1.1

Opened: Jun 16, 2020

Severity: 3-Major


In the GUI, for the Application Security Administrator role, when you create a new ASM policy, the Policy Type is greyed out and the parent policy cannot be created


The following actions are restricted to accounts with roles Application Security Administrator: -- Create/Edit parent policy. -- Edit Inheritance Settings for parent policy. -- Clone Policy, selecting policy type is disabled.


-- Create user account with the Application Security Administrator user role. -- Use that account to logon to the GUI and try to create/edit the parent policy.


There are two possible workarounds: -- Have the Administrator or Resource Administrator create a parent policy instead of the Application Security Administrator. -- Create parent policy using tmsh or REST call.

Fix Information

The Application Security Administrator role can now create the parent policy when required.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips