Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Magnus-Holmberg
Advisor
Advisor

MDS - Workflow permission

Hi,

We have upgraded a few MDS now to R81.20 with some issues.
But my question is.

The Multi-Domain super users / Domains Super User etc by default.
They are refering to permission profile "read write all"

 

image.png



However the Read Write all default profile is not having the "approve / reject other sessions"
And all default object are "read only"

image.png


What is check points recommendation, create new profiles and dont use the default object.
Or is this something that will be availible later on within a HFA?

Regards,
Magnus

https://www.youtube.com/c/MagnusHolmberg-NetSec
0 Kudos
6 Replies
PhoneBoy
Admin
Admin

The default permission profiles are Read Only and cannot be modified.
However, "Super User" (one of the default permissions) includes Approve/Reject other sessions.

0 Kudos
Magnus-Holmberg
Advisor
Advisor

Am unable to create a MDS Superuser that get this access.
This cant be how its intended to work

image.png

No, the domain - superuser is ref the same read / writes all that is not changeable and do not include this permission.
So am not able to create any high priv account with this access.

Regards,
Magnus

https://www.youtube.com/c/MagnusHolmberg-NetSec
0 Kudos
PhoneBoy
Admin
Admin

Seems like an oversight.
@Tomer_Noy do you know if this is intended behavior?

0 Kudos
MES
Explorer

I have the same problem after the upgrade to 81.20 + JH38. Practically I'm not able to reset any password for the MDS users anymore. How can we resolve this issue?

0 Kudos
PhoneBoy
Admin
Admin

If this behavior changed as a result of an upgrade and it's not otherwise documented as expected behavior, it warrants a TAC case: https://help.checkpoint.com

0 Kudos
Magnus-Holmberg
Advisor
Advisor

Same still on R81.20 HFA41, dont know did you get it resolved?

https://www.youtube.com/c/MagnusHolmberg-NetSec
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events