Forum Discussion

jayantand's avatar
jayantand
Icon for Altostratus rankAltostratus
Jul 12, 2023

ASM Policies role based access

In my organization the application teams are asking for better visibitly to the asm policies applied to the specific applications. F5 asm user role 'Application Security Editor' seems to be fitting f...
application delivery
asm
roll-based access
security
  • CA_Valli's avatar
    CA_Valli
    Jul 13, 2023

    The BIG-IP supports configuration partitions that suits this request well. 
    Instead of configuring everything under the /Common/ container, you can create different folders each containing a set of objects that represent your application.
    Keep in mind, object in a specific partition can't see or refer objects in any other partition other than their own and /Common folder, so you should configure every "related" object in the same place. 
    After you do so, you can assign user roles only on the specific partition they need to see. 

    https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-concepts-11-5-0/8.html

  • Leslie_Hubertus's avatar
    Leslie_Hubertus
    Jul 18, 2023

    Hey jayantand - I marked CA_Valli 's reply as an Accepted Solution. Let us know if you're still looking for help!

CA_Valli's avatar
CA_Valli
Icon for MVP rankMVP
Jul 13, 2023

The BIG-IP supports configuration partitions that suits this request well. 
Instead of configuring everything under the /Common/ container, you can create different folders each containing a set of objects that represent your application.
Keep in mind, object in a specific partition can't see or refer objects in any other partition other than their own and /Common folder, so you should configure every "related" object in the same place. 
After you do so, you can assign user roles only on the specific partition they need to see. 

https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-concepts-11-5-0/8.html