ASM Policies role based access

Question

In my organization the application teams are asking for better visibitly to the asm policies applied to the specific applications. F5 asm user role 'Application Security Editor' seems to be fitting for this requirement.

But, I assume this will expose all asm policies to any user with role 'Application Security Editor'. Is it possible to restrict the access to specific asm policy for respective application teams so that other asm policies aren't exposed to non-relevent parties?

ca_valli · Accepted Answer

The BIG-IP supports configuration partitions that suits this request well.&nbsp;Instead of configuring everything under the /Common/ container, you can create different folders each containing a set of objects that represent your application. Keep in mind, object in a specific partition can't see or refer objects in any other partition other than their own and /Common folder, so you should configure every "related" object in the same place.&nbsp;After you do so, you can assign user roles only on the specific partition they need to see.&nbsp;
https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-concepts-11-5-0/8.html

Forum Discussion

ASM Policies role based access

Recent Discussions

Protect game servers

Irules Editor

SSL Server Profile

VAPT or APT tools scan prevention

High CPU utilization (100%).

Related Content

Access policy, LTM policy and iRules

F5 BIG-IP Access Policy Manager (APM) - Idp integration - Cisco vManage

F5's Access Policy Manager the Access Proxy for Zero Trust Architectures

WAF Policy Editor - a Web-Based Tool to Configure a Declarative WAF Policy

Manage F5 BIG-IP FAST with Terraform (Part 3 - Manage multiple AWAF policies based on HTTP criteria)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS