https://community.checkpoint.com/t5/General-Topics/Monitor-user-read-user-with-permissions-to-execute/m-p/241055#M40219 <P>Here are the supported commands you can use in a role:</P> <P><A href="https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_Gaia_AdminGuide/Content/Topics-GAG/Roles-Extended-Commands.htm?tocpath=User%20Management%7CRoles%7C_____4" target="_blank">https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_Gaia_AdminGuide/Content/Topics-GAG/Roles-Extended-Commands.htm?tocpath=User%20Management%7CRoles%7C_____4</A></P> <P>Second you need to create an admin role instead if monitor role. Monitor role is read-only. Admin role you give view access and write access.&nbsp;</P> <P><A href="https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_Gaia_AdminGuide/Content/Topics-GAG/Roles.htm?tocpath=User%20Management%7CRoles%7C_____0" target="_blank">https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_Gaia_AdminGuide/Content/Topics-GAG/Roles.htm?tocpath=User%20Management%7CRoles%7C_____0</A></P> <P>&nbsp;</P> Wed, 12 Feb 2025 17:44:34 GMT Lesley 2025-02-12T17:44:34Z https://community.checkpoint.com/t5/General-Topics/Monitor-user-read-user-with-permissions-to-execute/m-p/241046#M40217 <P>Hello:</P><P>I am trying to create a user with monitoring permissions and also that can execute troubleshooting commands:</P><P>tcpdump<BR />fw monitor<BR />cpview<BR />etc</P><P>For this I have created a role clone of the monitor and I have also allowed expert mode and the commands but it does not allow SSH access, for it to work I have to give it also adminRole roles.</P><P>Do you know what I could be missing?</P><P>Thanks!!</P> Wed, 12 Feb 2025 15:25:08 GMT https://community.checkpoint.com/t5/General-Topics/Monitor-user-read-user-with-permissions-to-execute/m-p/241046#M40217 intaq 2025-02-12T15:25:08Z https://community.checkpoint.com/t5/General-Topics/Monitor-user-read-user-with-permissions-to-execute/m-p/241055#M40219 <P>Here are the supported commands you can use in a role:</P> <P><A href="https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_Gaia_AdminGuide/Content/Topics-GAG/Roles-Extended-Commands.htm?tocpath=User%20Management%7CRoles%7C_____4" target="_blank">https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_Gaia_AdminGuide/Content/Topics-GAG/Roles-Extended-Commands.htm?tocpath=User%20Management%7CRoles%7C_____4</A></P> <P>Second you need to create an admin role instead if monitor role. Monitor role is read-only. Admin role you give view access and write access.&nbsp;</P> <P><A href="https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_Gaia_AdminGuide/Content/Topics-GAG/Roles.htm?tocpath=User%20Management%7CRoles%7C_____0" target="_blank">https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_Gaia_AdminGuide/Content/Topics-GAG/Roles.htm?tocpath=User%20Management%7CRoles%7C_____0</A></P> <P>&nbsp;</P> Wed, 12 Feb 2025 17:44:34 GMT https://community.checkpoint.com/t5/General-Topics/Monitor-user-read-user-with-permissions-to-execute/m-p/241055#M40219 Lesley 2025-02-12T17:44:34Z https://community.checkpoint.com/t5/General-Topics/Monitor-user-read-user-with-permissions-to-execute/m-p/241099#M40228 <P>Hello!</P><P>Thanks for your reply!</P><P>The idea is to create a read-only user with troubleshooting capabilities. That is why we clone the Role from MonitorRole and not from adminRole.</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 13 Feb 2025 08:43:47 GMT https://community.checkpoint.com/t5/General-Topics/Monitor-user-read-user-with-permissions-to-execute/m-p/241099#M40228 intaq 2025-02-13T08:43:47Z