This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Magnus-Holmberg
Advisor
‎2023-10-09 08:32 AM

MDS - Workflow permission

Hi,

We have upgraded a few MDS now to R81.20 with some issues.
But my question is.

The Multi-Domain super users / Domains Super User etc by default.
They are refering to permission profile "read write all"

 

image.png



However the Read Write all default profile is not having the "approve / reject other sessions"
And all default object are "read only"

image.png


What is check points recommendation, create new profiles and dont use the default object.
Or is this something that will be availible later on within a HFA?

Regards,
Magnus

https://www.youtube.com/c/MagnusHolmberg-NetSec
0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2023-10-09 02:39 PM

The default permission profiles are Read Only and cannot be modified.
However, "Super User" (one of the default permissions) includes Approve/Reject other sessions.

0 Kudos
Magnus-Holmberg
Advisor
‎2023-10-20 12:45 AM
In response to PhoneBoy

Am unable to create a MDS Superuser that get this access.
This cant be how its intended to work

image.png

No, the domain - superuser is ref the same read / writes all that is not changeable and do not include this permission.
So am not able to create any high priv account with this access.

Regards,
Magnus

https://www.youtube.com/c/MagnusHolmberg-NetSec
0 Kudos
PhoneBoy
Admin
Admin
‎2023-10-20 01:10 PM
In response to Magnus-Holmberg

Seems like an oversight.
@Tomer_Noy do you know if this is intended behavior?

0 Kudos
MES
Explorer
‎2023-11-16 01:11 AM
In response to Magnus-Holmberg

I have the same problem after the upgrade to 81.20 + JH38. Practically I'm not able to reset any password for the MDS users anymore. How can we resolve this issue?

0 Kudos
PhoneBoy
Admin
Admin
‎2023-11-16 09:15 AM
In response to MES

If this behavior changed as a result of an upgrade and it's not otherwise documented as expected behavior, it warrants a TAC case: https://help.checkpoint.com

0 Kudos
Magnus-Holmberg
Advisor
‎2023-12-28 03:12 AM
In response to MES

Same still on R81.20 HFA41, dont know did you get it resolved?

https://www.youtube.com/c/MagnusHolmberg-NetSec
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events