Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Explorer

Permission profile, create objects but not allow gw global property changes

I am currently working on a project where we are going to use CloudGuard in Azure. We are running CloudGuard R80.40 in Azure. What we want is for our developers to be able to modify the policy within the layer we give them rights on (in the end through API but thats the next step). From what I see this should be accomplished with a custom permissions profile.

I'm very close to what I want to reach but I run into the following:

At "Access Control" I set "Access Control Objects and Settings" to write expecting this to give write on hosts/networks. If at "Others" I set "Common Objects" to Read they can't change the gateway global properties, but also can't edit hosts/networks. When I set it to write They can change/create hosts/networks, but also edit the gateway global properties.

Is there a way to configure the profile in such a way that they cannot edit the gateway global properties but can create/modify hosts and networks

 

0 Kudos
Reply
2 Replies
Admin
Admin

I do not think this is possible

0 Kudos
Reply
Explorer

Thank you for your reply. I was afraid that would be the case. I suppose we can work around this by importing objects through the Azure service principal so they don't have to create objects/networks themselves. I really don't want them to be able to access the global properties. 🙂

0 Kudos
Reply