Forum Discussion

jayantand's avatar
jayantand
Icon for Altostratus rankAltostratus
Jul 12, 2023

ASM Policies role based access

In my organization the application teams are asking for better visibitly to the asm policies applied to the specific applications. F5 asm user role 'Application Security Editor' seems to be fitting for this requirement.

But, I assume this will expose all asm policies to any user with role 'Application Security Editor'. Is it possible to restrict the access to specific asm policy for respective application teams so that other asm policies aren't exposed to non-relevent parties?

  • The BIG-IP supports configuration partitions that suits this request well. 
    Instead of configuring everything under the /Common/ container, you can create different folders each containing a set of objects that represent your application.
    Keep in mind, object in a specific partition can't see or refer objects in any other partition other than their own and /Common folder, so you should configure every "related" object in the same place. 
    After you do so, you can assign user roles only on the specific partition they need to see. 

    https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-concepts-11-5-0/8.html

  • The BIG-IP supports configuration partitions that suits this request well. 
    Instead of configuring everything under the /Common/ container, you can create different folders each containing a set of objects that represent your application.
    Keep in mind, object in a specific partition can't see or refer objects in any other partition other than their own and /Common folder, so you should configure every "related" object in the same place. 
    After you do so, you can assign user roles only on the specific partition they need to see. 

    https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-concepts-11-5-0/8.html