Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
G_W_Albrecht
Legend Legend
Legend
Jump to solution

Access Layer admin access

A question has developed by being asked by our customers: Deployment is on R80.10 for two main sites (1 + 2) with an admin each. it is easy to configure admin1 with read/write access for site1 and admin2 with read/write access for site2, but then, admin1 has read access for site2 and admin2 has read access for site1.

With TP and Access Layer, you can define one admin for TP and one for Access Layer, with each admin having absolute no access to the others layer. But is that possible for two admins on Access Layer, too ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend Legend
Legend

I found the answer given by Tomer Sole in Permission profile just for one inline layer:

With Permissions Per Layer, you can either have:

- Show all policies and edit specific layers

- Show and edit all policies and layers

- Not see any security policy

You cannot limit users from seeing just some of the layers with R80.10 unfortunately.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

0 Kudos
5 Replies
Danny
Champion Champion
Champion

I see two solutions here:

Solution 1: Use a Multi-Domain Server (MDS) and set up two DMS, one for site 1 (managed by admin1) and another one for site 2 (managed by admin2).

Solution 2: Configuring Permissions for Access Control Layers

Create two Access Control Layers for use within your Access Control Policy. One layer for site 1 (managed by admin1) and another layer for site 2 (managed by admin2).

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Solution two does not give read access to the other admin ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Danny
Champion Champion
Champion

You could achieve this by creating a separate readonly account for admin1 und admin2 (admin1_ro, admin2_ro).

0 Kudos
G_W_Albrecht
Legend Legend
Legend

What i meant was that an admin with all blades from access layer has read access to all access layers. I did not find how to give read/write to one layer and no access to another access layer...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
Legend Legend
Legend

I found the answer given by Tomer Sole in Permission profile just for one inline layer:

With Permissions Per Layer, you can either have:

- Show all policies and edit specific layers

- Show and edit all policies and layers

- Not see any security policy

You cannot limit users from seeing just some of the layers with R80.10 unfortunately.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events