The F5 BIG-IP appliance must be configured to assign appropriate user roles or access levels to authenticated users.

Description

<VulnDiscussion>Successful identification and authentication must not automatically give an entity full access to a network device or security domain. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset or set of resources. Information systems use access control policies and enforcement mechanisms to implement this requirement. The F5 BIG-IP appliance must enforce organization-defined roles to control privileged access to configure the types or objects a user can manage and/or the tasks a user can perform. For each BIG-IP user account, a different user role can be assigned to each administrative partition to which the user has access. This allows assignment of multiple user roles to each user account on the system. Users can assign a specific user role to each administrative partition to grant the user access. In this way, the BIG-IP configuration objects that the user can manage are controlled, as well as the types of actions the user can perform on those objects. Satisfies: SRG-APP-000033-NDM-000212, SRG-APP-000329-NDM-000287</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>