https://community.checkpoint.com/t5/Firewall-and-Security-Management/MDS-Workflow-permission/m-p/198177#M67082 <P>If this behavior changed as a result of an upgrade and it's not otherwise documented as expected behavior, it warrants a TAC case: <A href="https://help.checkpoint.com" target="_blank">https://help.checkpoint.com</A></P> Thu, 16 Nov 2023 17:15:53 GMT PhoneBoy 2023-11-16T17:15:53Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/MDS-Workflow-permission/m-p/194550#M67077 <P>Hi,<BR /><BR />We have upgraded a few MDS now to R81.20 with some issues.<BR />But my question is.<BR /><BR />The Multi-Domain super users / Domains Super User etc by default.<BR />They are refering to permission profile "read write all"<BR /><BR /></P><DIV class="">&nbsp;</DIV><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 536px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/22715iD5276CF7D6C6A98B/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P><P><BR /><BR />However the Read Write all default profile is not having the "approve / reject other sessions"<BR />And all default object are "read only"<BR /><BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 482px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/22716i67D4EADDB9038C7B/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span><BR /><BR /><BR />What is check points recommendation, create new profiles and dont use the default object.<BR />Or is this something that will be availible later on within a HFA?<BR /><BR />Regards,<BR />Magnus</P> Mon, 09 Oct 2023 15:32:40 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/MDS-Workflow-permission/m-p/194550#M67077 Magnus-Holmberg 2023-10-09T15:32:40Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/MDS-Workflow-permission/m-p/194582#M67078 <P>The default permission profiles are Read Only and cannot be modified.<BR />However,&nbsp;"Super User" (one of the default permissions) includes Approve/Reject other sessions.<BR /><BR /></P> Mon, 09 Oct 2023 21:39:47 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/MDS-Workflow-permission/m-p/194582#M67078 PhoneBoy 2023-10-09T21:39:47Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/MDS-Workflow-permission/m-p/195741#M67079 <P>Am unable to create a MDS Superuser that get this access.<BR />This cant be how its intended to work<BR /><BR /></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 837px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/22888i2E5F0A8C4D543F68/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span><BR /><BR />No, the domain - superuser is ref the same read / writes all that is not changeable and do not include this permission.<BR />So am not able to create any high priv account with this access.<BR /><BR />Regards,<BR />Magnus</P> Sat, 21 Oct 2023 13:07:57 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/MDS-Workflow-permission/m-p/195741#M67079 Magnus-Holmberg 2023-10-21T13:07:57Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/MDS-Workflow-permission/m-p/195784#M67080 <P>Seems like an oversight.<BR /><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/9372">@Tomer_Noy</a>&nbsp;do you know if this is intended behavior?</P> Fri, 20 Oct 2023 20:10:48 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/MDS-Workflow-permission/m-p/195784#M67080 PhoneBoy 2023-10-20T20:10:48Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/MDS-Workflow-permission/m-p/198114#M67081 <P>I have the same problem after the upgrade to 81.20 + JH38. Practically I'm not able to reset any password for the MDS users anymore. How can we resolve this issue?</P> Thu, 16 Nov 2023 09:11:59 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/MDS-Workflow-permission/m-p/198114#M67081 MES 2023-11-16T09:11:59Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/MDS-Workflow-permission/m-p/198177#M67082 <P>If this behavior changed as a result of an upgrade and it's not otherwise documented as expected behavior, it warrants a TAC case: <A href="https://help.checkpoint.com" target="_blank">https://help.checkpoint.com</A></P> Thu, 16 Nov 2023 17:15:53 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/MDS-Workflow-permission/m-p/198177#M67082 PhoneBoy 2023-11-16T17:15:53Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/MDS-Workflow-permission/m-p/201685#M67083 <P>Same still on R81.20 HFA41, dont know did you get it resolved?</P> Thu, 28 Dec 2023 11:12:49 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/MDS-Workflow-permission/m-p/201685#M67083 Magnus-Holmberg 2023-12-28T11:12:49Z