This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Maor_Benamer
Explorer
‎2019-06-05 12:47 AM

Add users to existing access-role

Hello,

I am trying to add an AD user to an existing group.
Code I tried:
set access-role name "Test_Access_Role" users "test1" machines "any" networks "any" remote-access-clients "any"

Every command I enter returns an error message.

what am I missing?

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2019-06-07 01:51 PM

Because you're calling the API incorrectly for users.
It should be users.add.source and then the AD name, if I'm reading the documentation properly.
Refer to the API documentation: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/set-access-role~v1.5%20
Maor_Benamer
Explorer
‎2019-06-10 11:16 PM
In response to PhoneBoy

Hi,

I tried to write as you wrote but I get the following error message:

set access-role name "Test_Access_Role" users.add.source "test1" machines "any" networks "any" remote-access-clients "any"

code: "generic_err_missing_required_parameters"
message: "Missing parameter: [selection]"

Any idea?

Tnx 

0 Kudos
wislleym
Contributor
‎2019-08-15 11:35 AM
In response to Maor_Benamer

I am trying to create an access role and am having difficulties. I am trying to add the active directory group called DIRECTORS. I used the command add access-role name "DIRECTORS" networks "any" machines "any" users.add.source "DIRECTORS". The output of the command indicates that the select parameter is missing, but reading the MANAGEMENT API I could not identify what this parameter would be.

Preview file
56 KB
0 Kudos
PhoneBoy
Admin
Admin
‎2019-08-15 12:23 PM
In response to wislleym

Definitely something missing in the API documentation as I have no idea what "selection" refers to here.
@Amiad_Stern any ideas?

wislleym
Contributor
‎2019-08-16 12:25 PM
In response to PhoneBoy

Hello PhoneBoy. After some trying i created the access role. I used the command add access-role name "DIRETORIA" networks "any" machines "any" remote-access-client "any" users.add.source "PAINT.LOCAL__AD" users.selection "Diretoria" where PAINT.LOCAL is the name from my domain and where Diretoria is the name of my active directory group. A message was displayed stating that the requested object name [Diretoria] was not unique and that i should use the base-dn parameter to add the access role. Then i used the command add access-role name "DIRETORIA" networks "any" machines "any" remote-access-client "any" users.source "PAINT.LOCAL__AD" users.selection "Diretoria" users.base-dn "CN=Diretoria,OU=Diretoria,OU=MATRIZ,DC=paint,DC=local" color "yellow"

34.jpg

PhoneBoy
Admin
Admin
‎2019-08-16 01:17 PM
In response to wislleym

The error message was a little misleading but it does appear that's documented.
Glad you got it working.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events