This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Maarten_Sjouw
Champion
Champion
‎2019-09-23 10:55 PM

Read-Only account for Gaia API?

For the GAIA API we are trying to create a role that allows the users to only use show commands, but currently all we can get working is a user with the full admin role. In our case we are using TacAcs authentication and the role associated to this also needs to be assigned otherwise it will not work.

Any idea how to configure the role for a Read-Only API user?

Regards, Maarten
0 Kudos
7 Replies
Martin_Valenta
Advisor
‎2019-09-24 01:42 AM

MonitorRole doesn't work when attached to that user?
0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-09-24 01:49 AM
In response to Martin_Valenta

Nope.
Regards, Maarten
0 Kudos
Martin_Valenta
Advisor
‎2019-09-26 04:15 AM
In response to Maarten_Sjouw

Did you got some answer from TAC?
0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-09-26 04:17 AM
In response to Martin_Valenta

Did not open a case yet.
Regards, Maarten
0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-10-23 04:25 AM
In response to Maarten_Sjouw

@Tal_Martsiano would you like to comment on this?
Regards, Maarten
0 Kudos
Nick_Doropoulos
Advisor
‎2019-11-23 12:34 PM
In response to Maarten_Sjouw

Have you got a solution for this yet? I am very interested in setting up a similar account too.

Thanks.

0 Kudos
JozkoMrkvicka
Authority
Authority
‎2019-11-23 01:11 PM

You can create a new RBA role where only "show configuration" will be allowed. This is not related to API, but for GAIA permissions only.

 

add rba role show_only domain-type System readonly-features configuration
add rba user <AFFECTED_USER> roles show_only

 

Try to play with webUI and Roles there. Specify only commands you want to allow and simply flag it as "read only".

Kind regards,
Jozko Mrkvicka
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events