ASM Policies role based access

Question

In my organization the application teams are asking for better visibitly to the asm policies applied to the specific applications. F5 asm user role 'Application Security Editor' seems to be fitting for this requirement.

But, I assume this will expose all asm policies to any user with role 'Application Security Editor'. Is it possible to restrict the access to specific asm policy for respective application teams so that other asm policies aren't exposed to non-relevent parties?

ca_valli · Accepted Answer

The BIG-IP supports configuration partitions that suits this request well.&nbsp;Instead of configuring everything under the /Common/ container, you can create different folders each containing a set of objects that represent your application. Keep in mind, object in a specific partition can't see or refer objects in any other partition other than their own and /Common folder, so you should configure every "related" object in the same place.&nbsp;After you do so, you can assign user roles only on the specific partition they need to see.&nbsp;
https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-concepts-11-5-0/8.html

Forum Discussion

ASM Policies role based access

2 Replies

Recent Discussions

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

Related Content

Federated AWS Console Access Made Easy: F5 BIG-IP Access Policy Manager Access Guided Configurations

F5 BIG-IP Access Policy Manager (APM) Identity-based steering with SSL Orchestrator (SSLO)

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

F5 BIG-IP Access Policy Manager (APM) Machine Tunnels for Windows

Converting TCL-Based iRules to Distributed Cloud Service Policies and L7 Routes