https://community.checkpoint.com/t5/Spark-Firewall-SMB/cloud-SMP-role-definitions/m-p/116472#M5094 <P>From what the experts tell me, this is not possible with SMP currently.<BR />You can't give access to specific gateways, only specific actions within the SMP with apply to all gateways.<BR />The only way to achieve this at the moment is for the user to connect to their gateway (either directly or via Reach My Device).</P> Wed, 21 Apr 2021 01:41:02 GMT PhoneBoy 2021-04-21T01:41:02Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/cloud-SMP-role-definitions/m-p/116242#M5085 <P>OK so I am finally getting back to re-evaluating cloud SMP for my users that are purchasing 1500 appliances.</P><P>&nbsp;</P><P>I would like a user to be able to login and only see his devices/plans/roles on the cloud SMP.&nbsp; He should not be able to see any other users gateways.</P><P>At this time I am not worried about the user seeing logs for other gateways.</P><P>&nbsp;</P><P>Is this even possible?&nbsp; I am trying to filter using the Intersects(gateways, CurrentUser.gateways), however I must not be giving enough access, it appears that we need access to user and all gateways to see this.&nbsp; This is from the SMP 12.30 Admin guide P111?</P><P>&nbsp;</P><P>Anyone ever do this kind of access role?&nbsp; I am trying to understand all the fields that we could match.</P><P>&nbsp;</P><P>Is it possible to match on a user field, for example user-&gt;custom field-&gt;UserGroup access and gateway-&gt;custom field -&gt; GWgroup, then give access if CurrentUser.UserGroup&nbsp; == Gateway.GWgroup?</P><P>Cloud SMP 12.30</P><P>&nbsp;</P><P>&nbsp;</P> Sat, 17 Apr 2021 19:32:16 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/cloud-SMP-role-definitions/m-p/116242#M5085 Ted_Serreyn 2021-04-17T19:32:16Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/cloud-SMP-role-definitions/m-p/116472#M5094 <P>From what the experts tell me, this is not possible with SMP currently.<BR />You can't give access to specific gateways, only specific actions within the SMP with apply to all gateways.<BR />The only way to achieve this at the moment is for the user to connect to their gateway (either directly or via Reach My Device).</P> Wed, 21 Apr 2021 01:41:02 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/cloud-SMP-role-definitions/m-p/116472#M5094 PhoneBoy 2021-04-21T01:41:02Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/cloud-SMP-role-definitions/m-p/116489#M5095 <P>Every user buying a 1500 gets one Cloud Management license for it included in the deal. So he has his own Cloud Management and therefore will see no other GWs.</P> Wed, 21 Apr 2021 08:10:20 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/cloud-SMP-role-definitions/m-p/116489#M5095 G_W_Albrecht 2021-04-21T08:10:20Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/cloud-SMP-role-definitions/m-p/116663#M5103 <P>And why would I want every customer that needs help managing their firewall in their own SMP?&nbsp; That kind of defeats the purpose.&nbsp; I don't want to login to every firewall, so I want to use SMP.&nbsp; Because of this I don't want to login to every different SMP portal.</P><P>I want to work smarter, not harder.</P> Thu, 22 Apr 2021 16:34:53 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/cloud-SMP-role-definitions/m-p/116663#M5103 Ted_Serreyn 2021-04-22T16:34:53Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/cloud-SMP-role-definitions/m-p/116664#M5104 <P>It is possible, we have done it.&nbsp; The key is the access roles rule for Gateways.&nbsp; Matches(name,"gwprefix.+")</P> Thu, 22 Apr 2021 16:38:43 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/cloud-SMP-role-definitions/m-p/116664#M5104 Ted_Serreyn 2021-04-22T16:38:43Z