We want to allow our users to review, modify and deploy their web application firewall policy on the big-IQ. The default roles do not allow for this; because they also allow the users to create and delete policy's.
I think this can be done by creating a custom Role Type, combined with the `Resource Group deployer` and a resource group containing only the WAF policy's they have access too.
I have created this role type:
Which does nearly everything I need, except that i get the following error when deploying:
Deployment does work when I combine the `Web App Security Manager` role with the `resource group deployer`. But then the user is also allowed to create new waf policies.
Does anybody know which permissions I am missing from the role type?