Custom Role does not work using REST API on Ft LTM

I am only using LTM module version 13.1.0.8. After creating custom resource-group, custom role and associate user to the custom role, the result is not what I expect. Can anyone helps? I need a specific user account with RW permission to any iFile and nothing else. If I could disable read access to common partition, this is even better (not possible as I am ware as of now).

 

1. create a "testuser" under TEST partition with guest role

2. I have given all access to following paths for custom resource-groups and also tried to PUT into custom role as well:

    

   "resourceMask": "/mgmt/tm/sys/file/ifile/**"

    

   "resourceMask": "/mgmt/tm/ltm/ifile/**"

    

3. the custom role name is not showing up in GUI but the API command works when creating custom role with userReferences.
4. logout and login for testuser. I cannot modify/ upload the ifile under TEST partition.

Am I missing more steps here guys. Plz enlighten.