Forum Discussion
Mollusk7796
Nimbostratus
Nimbostratusbig-IQ custom role-type for web application firewall
Dear all,
We want to allow our users to review, modify and deploy their web application firewall policy on the big-IQ.
The default roles do not allow for this; because they also allow the users to create and delete policy's.
I think this can be done by creating a custom Role Type, combined with the `Resource Group deployer` and a resource group containing only the WAF policy's they have access too.
I have created this role type:
Which does nearly everything I need, except that i get the following error when deploying:
Deployment does work when I combine the `Web App Security Manager` role with the `resource group deployer`. But then the user is also allowed to create new waf policies.
Does anybody know which permissions I am missing from the role type?
- Kevin_Davies
MVP
Raise a ticket with F5. They are the only people who will have the knowlege on the limitations of combining permission sets.
McKinley
To create a custom role-type for the Web Application Firewall (WAF) in BIG-IP's BIG-IQ Centralized Management platform, you can follow these general steps:Log in to your BIG-IQ Centralized Management platform using administrative credentials.
Navigate to the "Access" section or the "Security" section, depending on the version of BIG-IQ you are using.
Locate the section related to roles or user management. In this section, you should find an option to create a new role or role-type.
Click on the option to create a new role or role-type.
Provide a name for the custom role-type that represents its purpose, such as "WAF Administrator" or "WAF Manager."
Define the permissions and access rights for the custom role-type. The specific permissions will depend on your requirements and the level of access you want to grant to WAF-related resources and features.
Ensure that the custom role-type has appropriate access to WAF-related functionalities, such as creating and managing WAF policies, managing security rules, configuring application profiles, and accessing WAF reporting and analytics.
Save the custom role-type configuration.
Once you have created the custom role-type, you can assign it to specific users or groups within your BIG-IQ environment. These users or groups will then have the defined permissions and access rights associated with the custom role-type, allowing them to manage the WAF functionality based on their assigned role.
It's important to note that the specific steps and options for creating custom role-types may vary depending on the version of BIG-IQ you are using. It's recommended to refer to the official documentation or user guide for your specific version of BIG-IQ for detailed instructions on creating custom role-types and configuring WAF-related permissions and access rights.
Mollusk7796 - are you still having difficulties, or were you able to resolve it with either suggestion above or another way?
Mollusk7796No not really.
It was a nice explanation of how to make a custom role, but nothing on what permissions are needed for my requirements.
ill make a support ticket.Sorry the community couldn't help you in this case, Mollusk7796. Did you get the answer you needed from F5 Support?
