Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

big-IQ custom role-type for web application firewall

Mollusk7796
Nimbostratus
Nimbostratus

‎17-May-2023 05:17

Dear all,

We want to allow our users to review, modify and deploy their web application firewall policy on the big-IQ.
The default roles do not allow for this; because they also allow the users to create and delete policy's.

I think this can be done by creating a custom Role Type, combined with the `Resource Group deployer` and a resource group containing only the WAF policy's they have access too.

I have created this role type:

Mollusk7796_0-1684325570854.png

Which does nearly everything I need, except that i get the following error when deploying:

Mollusk7796_1-1684325652267.png

Deployment does work when I combine the `Web App Security Manager` role with the `resource group deployer`. But then the user is also allowed to create new waf policies.


Does anybody know which permissions I am missing from the role type?

 

Labels:
0 Kudos
5 REPLIES 5

Kevin_Davies
MVP
MVP

‎19-Jun-2023 17:21 - edited ‎19-Jun-2023 17:21

Raise a ticket with F5. They are the only people who will have the knowlege on the limitations of combining permission sets.

0 Kudos

McKinley
Nimbostratus
Nimbostratus

‎30-Jun-2023 01:37


To create a custom role-type for the Web Application Firewall (WAF) in BIG-IP's BIG-IQ Centralized Management platform, you can follow these general steps:

Log in to your BIG-IQ Centralized Management platform using administrative credentials.

Navigate to the "Access" section or the "Security" section, depending on the version of BIG-IQ you are using.

Locate the section related to roles or user management. In this section, you should find an option to create a new role or role-type.

Click on the option to create a new role or role-type.

Provide a name for the custom role-type that represents its purpose, such as "WAF Administrator" or "WAF Manager."

Define the permissions and access rights for the custom role-type. The specific permissions will depend on your requirements and the level of access you want to grant to WAF-related resources and features.

Ensure that the custom role-type has appropriate access to WAF-related functionalities, such as creating and managing WAF policies, managing security rules, configuring application profiles, and accessing WAF reporting and analytics.

Save the custom role-type configuration.

Once you have created the custom role-type, you can assign it to specific users or groups within your BIG-IQ environment. These users or groups will then have the defined permissions and access rights associated with the custom role-type, allowing them to manage the WAF functionality based on their assigned role.

It's important to note that the specific steps and options for creating custom role-types may vary depending on the version of BIG-IQ you are using. It's recommended to refer to the official documentation or user guide for your specific version of BIG-IQ for detailed instructions on creating custom role-types and configuring WAF-related permissions and access rights.

0 Kudos

Leslie_Hubertus
Community Manager
Community Manager

‎17-Jul-2023 13:32

@Mollusk7796  - are you still having difficulties, or were you able to resolve it with either suggestion above or another way?

0 Kudos

Mollusk7796
Nimbostratus
Nimbostratus

‎18-Jul-2023 00:51

No not really.
It was a nice explanation of how to make a custom role, but nothing on what permissions are needed for my requirements.

ill make a support ticket.

0 Kudos

Leslie_Hubertus
Community Manager
Community Manager
In response to Mollusk7796

‎24-Jul-2023 17:52

Sorry the community couldn't help you in this case, @Mollusk7796. Did you get the answer you needed from F5 Support?

0 Kudos
Copyright © 2023 Khoros, LLC