Forum Discussion
Yes. Try putting them in the "operator" role. I just used that today and it seems like an almost perfect role for a help desk or similar person to use to manage APM. It allows you to go to go to the manage sessions are and view and delete sessions. It also allows you to view the "All Sessions" report, click on a session ID number and see all the log messages that were recorded during that session, which is really useful for troubleshooting. They can also view the visual policy editor in read only mode. Those three things are probably almost everything a Tier 1 type of user needs.
Things they can't do as an operator: it seems they can't view APM session variables in memory. Also, the policy is only read only, they can't change it (that's probably what you want though if they aren't a trained admin). I also don't think they can change underlying object configurations like AAA servers, though they should be able to read them. On the LTM side, the operator role also lets them do things like enable and disable nodes and pool members, though they can't really create, change, or delete objects.