The user roles that have access to make changes to ASM policies on the BIG-IP ASM System are Administrator, Web Application Security Editor, and Web Application Security Administrator. The Administrator role generally has full access to the system, including ASM policies. The Web Application Security Editor role specifically has permissions to modify ASM policies. The Web Application Security Administrator also has comprehensive permissions pertaining to web application security, including the modification of ASM policies. Guest and Operator roles typically have limited access and do not include permissions to make policy changes.