Bug ID 918081: Application Security Administrator role cannot create parent policy in the GUI

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 16.0.0, 16.0.0.1, 16.0.1

Fixed In:
16.1.0, 16.0.1.1, 15.1.1

Opened: Jun 16, 2020

Severity: 3-Major

Symptoms

In the GUI, for the Application Security Administrator role, when you create a new ASM policy, the Policy Type is greyed out and the parent policy cannot be created

Impact

The following actions are restricted to accounts with roles Application Security Administrator: -- Create/Edit parent policy. -- Edit Inheritance Settings for parent policy. -- Clone Policy, selecting policy type is disabled.

Conditions

-- Create user account with the Application Security Administrator user role. -- Use that account to logon to the GUI and try to create/edit the parent policy.

Workaround

There are two possible workarounds: -- Have the Administrator or Resource Administrator create a parent policy instead of the Application Security Administrator. -- Create parent policy using tmsh or REST call.

Fix Information

The Application Security Administrator role can now create the parent policy when required.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips