This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Alex_Hofstee
Participant
‎2020-10-15 12:21 AM

Permission profile, create objects but not allow gw global property changes

I am currently working on a project where we are going to use CloudGuard in Azure. We are running CloudGuard R80.40 in Azure. What we want is for our developers to be able to modify the policy within the layer we give them rights on (in the end through API but thats the next step). From what I see this should be accomplished with a custom permissions profile.

I'm very close to what I want to reach but I run into the following:

At "Access Control" I set "Access Control Objects and Settings" to write expecting this to give write on hosts/networks. If at "Others" I set "Common Objects" to Read they can't change the gateway global properties, but also can't edit hosts/networks. When I set it to write They can change/create hosts/networks, but also edit the gateway global properties.

Is there a way to configure the profile in such a way that they cannot edit the gateway global properties but can create/modify hosts and networks

 

Preview file
68 KB
Preview file
82 KB
0 Kudos
2 Replies
_Val_
Admin
Admin
‎2020-10-15 12:54 AM

I do not think this is possible

0 Kudos
Alex_Hofstee
Participant
‎2020-10-20 11:58 PM
In response to _Val_

Thank you for your reply. I was afraid that would be the case. I suppose we can work around this by importing objects through the Azure service principal so they don't have to create objects/networks themselves. I really don't want them to be able to access the global properties. 🙂

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events