Hllrdm
Contributor

Blocking rule editing

We need to restrict the editing of all rules under a certain section title for other administrators, so that they can only be edited by admin. Is it possible to do this in Check Point?

0 Kudos

Accepted Solutions
Tal_Paz-Fridman
Employee

Granting permission for a specific section of the rulebase is not feasible. However, you can explore the following alternatives:

  1. Implement Ordered Layers and assign distinct Permission Profiles to each layer.

  2. Transition to Multi-Domain Security Management, which allows you to utilize a Global Domain for a particular policy segment, while the Domain level administrator handles the remaining sections.


0 Kudos
10 Replies
the_rock
Legend

If you can send a screenshot and circle what you want to do, I can test it in my lab.

Andy

0 Kudos
Hllrdm
Contributor

Tittles.jpg

 

For example, administrators other than Administrator cannot edit rules 1-13.

0 Kudos
the_rock
Legend

I have an hour before my next call, so stand by, let me see if this is possible.

Cheers,

Andy

0 Kudos
Hllrdm
Contributor
  1. Implement Ordered Layers and assign distinct Permission Profiles to each layer.

Could you describe this process in more detail?

0 Kudos
Hllrdm
Contributor

Thank you, I have figured out the technology in question.

0 Kudos
the_rock
Legend

I think what @Tal_Paz-Fridman said makes sense. I looked for any setting related to being able to possibly prevent a given admin from modifying regular rule(s), but it does not appear to exist anywhere.

It's definitely a good candidate for an RFE, in my view.

Andy

0 Kudos
Hllrdm
Contributor

Yeah, that's what I thought, too. MDS implementation is quite difficult in terms of time, while layers implementation is simple. We will try this option, thanks

0 Kudos
the_rock
Legend

I'm fairly sure this is what @Tal_Paz-Fridman was referring to.

Andy

 

Screenshot_1.png

0 Kudos
PhoneBoy
Admin

Directly, no.
However, through use of a SmartTask like https://community.checkpoint.com/t5/Management/SmartTask-Custom-Permissions/m-p/77247#M11281, it should be possible.

0 Kudos
