We want to allow our users to review, modify and deploy their web application firewall policy on the BIG-IQ.
The default roles do not allow for this, because they also allow the users to create and delete policies.
I think this can be done by creating a custom Role Type, combined with the `Resource Group deployer` and a resource group containing only the WAF policies they have access to.
I have created this role type:
Which does nearly everything I need, except that I get the following error when deploying:
Deployment does work when I combine the `Web App Security Manager` role with the `resource group deployer`. But then the user is also allowed to create new WAF policies.
Does anybody know which permissions I am missing from the role type?
To create a custom role-type for the Web Application Firewall (WAF) in BIG-IP's BIG-IQ Centralized Management platform, you can follow these general steps:
1. Log in to your BIG-IQ Centralized Management platform using administrative credentials.
2. Navigate to the "Access" section or the "Security" section, depending on the version of BIG-IQ you are using.
3. Locate the section related to roles or user management. In this section, you should find an option to create a new role or role-type.
4. Click on the option to create a new role or role-type.
5. Provide a name for the custom role-type that represents its purpose, such as "WAF Administrator" or "WAF Manager."
6. Define the permissions and access rights for the custom role-type. The specific permissions will depend on your requirements and the level of access you want to grant to WAF-related resources and features.
7. Ensure that the custom role-type has appropriate access to WAF-related functionalities, such as creating and managing WAF policies, managing security rules, configuring application profiles, and accessing WAF reporting and analytics.
8. Save the custom role-type configuration.
Once you have created the custom role-type, you can assign it to specific users or groups within your BIG-IQ environment. These users or groups will then have the defined permissions and access rights associated with the custom role-type, allowing them to manage the WAF functionality based on their assigned role.
It's important to note that the specific steps and options for creating custom role-types may vary depending on the version of BIG-IQ you are using. It's recommended to refer to the official documentation or user guide for your specific version of BIG-IQ for detailed instructions on creating custom role-types and configuring WAF-related permissions and access rights.