https://community.checkpoint.com/t5/Firewall-and-Security-Management/SmartTask-Custom-Permissions/m-p/206320#M81300 <P>In my lab R81.20 I had to made some change in the script to make it works:</P> <P>- the script runs local on mgt so no base64 is needed to convert the $1</P> <P>-in my env the $1 it's the location of a temp file in the mgt that contain the json output of "show changes" API&nbsp;</P> <P>So the&nbsp;trigger_json variable can be populated with this command:</P> <P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;trigger_json=$(cat $1)</P> <P>then there is a problem in the message2 variable output that contains " that corrupts the script output so I've also make this change:</P> <P>from&nbsp; &nbsp; m2=${m2//\"/\\\"}</P> <P>to&nbsp; &nbsp; &nbsp; &nbsp;m2=$(echo "$m2" | sed 's/\"/\'\''/g')</P> <P>I've attached my version here. the script can be imported using the script repository import gui from smart console and than you can edit the SmartTask&nbsp; by selecting my script.</P> <P>&nbsp;</P> Fri, 16 Feb 2024 16:55:41 GMT Michele_Gullia 2024-02-16T16:55:41Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SmartTask-Custom-Permissions/m-p/77247#M81298 <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;"><FONT size="4">R80.x Security Management makes team work easier by allowing to configure granular permission profiles, delegate ownership of different Layers to different administrators and more.</FONT></P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;"><FONT size="4">Sometimes, we might want to create "per object" permission, such profile can be very useful when we want to outsource parts of the policy or limit admins in team to specific object types.</FONT></P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;">&nbsp;</P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;"><FONT size="4">This SmartTask allows us to further extend the permission profiles by running a custom script (Pre Publish)that ensures that the administrators included in Custom Data "admins" field only modify objects that hold the tag specified in the "allowed tag" field.</FONT></P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;"><FONT size="4">You can download the attached SmartTask in txt format and&nbsp;<U><STRONG><A href="https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/import-smart-task~v1.6%20" target="_blank" rel="noopener"><SPAN style="background: #F8F8FA;">import</SPAN></A>&nbsp;</STRONG></U>it to your Security Management Server. Right after import, you'll find the SmartTask itself in Manage and Settings &gt; SmartTasks, the script it uses resides in Scripts Repository (Gateways &amp; Servers &gt; Scripts).</FONT></P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;">&nbsp;</P> <P style="margin: 0in; font-family: Calibri; font-size: 11.0pt;"><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="cp2.png" style="width: 466px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/4698i3CAD1A6139EEAFCA/image-dimensions/466x505?v=v2" width="466" height="505" role="button" title="cp2.png" alt="cp2.png" /></span></P> Thu, 05 Mar 2020 11:09:40 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SmartTask-Custom-Permissions/m-p/77247#M81298 Dima_M 2020-03-05T11:09:40Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SmartTask-Custom-Permissions/m-p/177719#M81299 <P>Will it still work in R81.20?</P><P>Regardless of whether there is a tag "DMZ" or not, the results of my test can be successfully written to the object</P> Sat, 08 Apr 2023 07:27:46 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SmartTask-Custom-Permissions/m-p/177719#M81299 Jarvis_Lin 2023-04-08T07:27:46Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SmartTask-Custom-Permissions/m-p/206320#M81300 <P>In my lab R81.20 I had to made some change in the script to make it works:</P> <P>- the script runs local on mgt so no base64 is needed to convert the $1</P> <P>-in my env the $1 it's the location of a temp file in the mgt that contain the json output of "show changes" API&nbsp;</P> <P>So the&nbsp;trigger_json variable can be populated with this command:</P> <P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;trigger_json=$(cat $1)</P> <P>then there is a problem in the message2 variable output that contains " that corrupts the script output so I've also make this change:</P> <P>from&nbsp; &nbsp; m2=${m2//\"/\\\"}</P> <P>to&nbsp; &nbsp; &nbsp; &nbsp;m2=$(echo "$m2" | sed 's/\"/\'\''/g')</P> <P>I've attached my version here. the script can be imported using the script repository import gui from smart console and than you can edit the SmartTask&nbsp; by selecting my script.</P> <P>&nbsp;</P> Fri, 16 Feb 2024 16:55:41 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SmartTask-Custom-Permissions/m-p/206320#M81300 Michele_Gullia 2024-02-16T16:55:41Z