Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ivo_Hrbacek
Contributor

Permission profile just for one inline layer

Jump to solution

Hi,

playing with profiles and have a question, I have few people who should have read only just to ONE inline layer. I can create profile, see below, and I am using this profile just in this layer. Anyway my user assigned to this profile can see other policies in read only because this way just limit write access. Is there a way how to change this behavior? and allow users to have read only just to one layer?

thx!

layer settings:

profile:

else policy settings:

1 Solution

Accepted Solutions

Hi,

With Permissions Per Layer, you can either have:

- Show all policies and edit specific layers

- Show and edit all policies and layers

- Not see any security policy

You cannot limit users from seeing just some of the layers with R80.10 unfortunately.

One workaround that I can offer would be a self service portal which uses the API commands and limits specific users through that portal, but it won't be as part of SmartConsole.

Hope this helps.

View solution in original post

7 Replies
PhoneBoy
Admin
Admin

Just to clarify your question: you only want to allow a specific user to read a specific layer, and not other layers that might be in use, correct?

As far as I know (and https://community.checkpoint.com/people/tomera5b2e7f3-09aa-32f8-96c2-f0f5bfa2988b‌ should be able to confirm), this is not possible at the moment.

0 Kudos

Hi,

With Permissions Per Layer, you can either have:

- Show all policies and edit specific layers

- Show and edit all policies and layers

- Not see any security policy

You cannot limit users from seeing just some of the layers with R80.10 unfortunately.

One workaround that I can offer would be a self service portal which uses the API commands and limits specific users through that portal, but it won't be as part of SmartConsole.

Hope this helps.

View solution in original post

Ivo_Hrbacek
Contributor

Hello Tomer,

back to this question.. do you have some self service portal code which can be shared and used as a template? I do not want to start from scratch you know

thx

ivo

PhoneBoy
Admin
Admin
Ivo_Hrbacek
Contributor

thx

G_W_Albrecht
Legend
Legend

Is there any chance that this will be possible in future versions ?

PhoneBoy
Admin
Admin

Possibly, but can't commit Smiley Happy

0 Kudos