Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

big-IQ custom role-type for web application firewall

Mollusk7796
Nimbostratus
Nimbostratus

Dear all,

We want to allow our users to review, modify and deploy their web application firewall policy on the big-IQ.
The default roles do not allow for this; because they also allow the users to create and delete policy's.

I think this can be done by creating a custom Role Type, combined with the `Resource Group deployer` and a resource group containing only the WAF policy's they have access too.

I have created this role type:

Mollusk7796_0-1684325570854.png

Which does nearly everything I need, except that i get the following error when deploying:

Mollusk7796_1-1684325652267.png

Deployment does work when I combine the `Web App Security Manager` role with the `resource group deployer`. But then the user is also allowed to create new waf policies.


Does anybody know which permissions I am missing from the role type?

 

0 REPLIES 0