This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
G_W_Albrecht
MVP Silver
MVP Silver
‎2018-09-17 03:05 AM
Jump to solution

Access Layer admin access

A question has developed by being asked by our customers: Deployment is on R80.10 for two main sites (1 + 2) with an admin each. it is easy to configure admin1 with read/write access for site1 and admin2 with read/write access for site2, but then, admin1 has read access for site2 and admin2 has read access for site1.

With TP and Access Layer, you can define one admin for TP and one for Access Layer, with each admin having absolute no access to the others layer. But is that possible for two admins on Access Layer, too ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Labels
0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
MVP Silver
MVP Silver
‎2018-09-17 05:34 AM
Jump to solution

I found the answer given by Tomer Sole in Permission profile just for one inline layer:

With Permissions Per Layer, you can either have:

- Show all policies and edit specific layers

- Show and edit all policies and layers

- Not see any security policy

You cannot limit users from seeing just some of the layers with R80.10 unfortunately.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

0 Kudos
5 Replies
Danny
MVP Platinum
MVP Platinum
‎2018-09-17 03:47 AM
Jump to solution

I see two solutions here:

Solution 1: Use a Multi-Domain Server (MDS) and set up two DMS, one for site 1 (managed by admin1) and another one for site 2 (managed by admin2).

Solution 2: Configuring Permissions for Access Control Layers

Create two Access Control Layers for use within your Access Control Policy. One layer for site 1 (managed by admin1) and another layer for site 2 (managed by admin2).

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2018-09-17 04:10 AM
In response to Danny
Jump to solution

Solution two does not give read access to the other admin ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Danny
MVP Platinum
MVP Platinum
‎2018-09-17 04:41 AM
In response to G_W_Albrecht
Jump to solution

You could achieve this by creating a separate readonly account for admin1 und admin2 (admin1_ro, admin2_ro).

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2018-09-17 05:11 AM
In response to Danny
Jump to solution

What i meant was that an admin with all blades from access layer has read access to all access layers. I did not find how to give read/write to one layer and no access to another access layer...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2018-09-17 05:34 AM
Jump to solution

I found the answer given by Tomer Sole in Permission profile just for one inline layer:

With Permissions Per Layer, you can either have:

- Show all policies and edit specific layers

- Show and edit all policies and layers

- Not see any security policy

You cannot limit users from seeing just some of the layers with R80.10 unfortunately.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events