This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Nenad_D
Participant
‎2020-05-13 03:02 AM

Permission to only manage reports for a certain security gateway / cluster

Hi community,

 

Is there a way to achieve the following:

Grant certain users access to only read and create new reports for a certain security gateway / cluster?

Important: Identities/users must not be hidden in the reports.

 

We have just a Security Managment Server (R80.30) and a Smart Event Server in use (not a Muli Domain Management).

 

I couldn't find any post related to that topic.

I really appreciate your help!

 

Thanks in advance!

 

Best Regards

Nenad

 

 

0 Kudos
6 Replies
Dror_Aharony
Employee Alumnus
Employee Alumnus
‎2020-05-14 01:27 AM

Not easily possible. We're trying to push for such an admin/permission GUI feature fix.

 

via CLI it is possible:

Create a user & enter with it the Smartview tabs > Logs > New tab > Views > Create a new view (clone a view if needed).

then edit it like this:

Insert the filter line to the right users.xml file in the relevant user's section:

Backup file: cp $RTDIR/smartview/db/domains/<relevant_domain_id>/users.xml{,.Orig};

Edit it: vim $RTDIR/smartview/db/domains/<relevant_domain_id>/users.xml

 

<owner><![CDATA[nenad]]></owner>
<isNewlyCreated><![CDATA[true]]></isNewlyCreated>
<username><![CDATA[nenad]]></username>
<locale><![CDATA[en-US]]></locale>
<filter><![CDATA[orig:<GW_Name/IP>]]></filter>
<firstDayOfWeek><![CDATA[2]]></firstDayOfWeek>
<theme><![CDATA[default]]></theme>

 

Restart Smartview: 

$RTDIR/scripts/stopSmartView; $RTDIR/scripts/startSmartView

 

See it here as well: https://community.checkpoint.com/t5/Logging-and-Reporting/Limited-Permission-Profile/m-p/75671#M4422

 

 

0 Kudos
Nenad_D
Participant
‎2020-05-14 07:07 AM
In response to Dror_Aharony

@Dror_Aharony   Thanks very much for your reply

Just a question to the procedure.

I assume that I can create the new user via GUI (SmartConsole)?

If yes, which Permission Profile do I need to assign to the newly created user?
As I only want the user to be able to read / create reports (and the identities in the reports not to be hidden) and nothing else.

Thanks again for a short reply!

Best Regards

Nenad

0 Kudos
PhoneBoy
Admin
Admin
‎2020-05-14 10:47 AM
In response to Nenad_D

The above only applies to SmartView and doesn't require a specific permission profile.
It applies a hidden filter to the users queries that cannot be overridden.
0 Kudos
Nenad_D
Participant
‎2020-05-15 04:14 AM
In response to PhoneBoy

Thanks for your feedback! I really appreciate all of your help.

 

In general limiting the users access to logs and reports to a certain Security Gateway with filter line in the users.xml works fine.

But unfortunately the user cannot see the identities in the logs and reports, only the hidden identities (******). And this is one of the requirements.

Is there a certain permission in the Permission Profile that need to be activated or adjusted?

2020-05-15 12_34_04-Clipboard.png

 

 

 

 

 

And if I create a customized Permission Profile with almost no Permissions, the user cannot see logs and create reports. 

Thanks for your help again.

Best Regards

Nenad

0 Kudos
Dror_Aharony
Employee Alumnus
Employee Alumnus
‎2020-05-17 12:01 AM
In response to Nenad_D

Make sure to have all/most 'Monitoring and Logging' permissions checked, especially the 'Identities' & 'Show Identities by default' & 'DLP Confidential fields' too.

(See Pic).

 

Hope that solves everything.

 

 
 
 

 

 

Preview file
35 KB
0 Kudos
Nenad_D
Participant
‎2020-05-19 07:28 AM
In response to Dror_Aharony

Thanks again for all your help!

Finally, I could manage it to allow a certain user only access to Logs and Reports for a specific Security Gateway / cluster via Smartview with identities shown as follows:

Create a Permission Profile with only access to Logs and Reports (all options ticked for "Monitoring and Logging" & "Events and Reports") (see pic below).

2020-05-19 16_10_54-Profile.png2020-05-19 16_08_25-Profile.png

Create a user with Permission Profile created before.

And then limit user's access to specific Security Gateway by modifying users.xml as described by @Dror_Aharony 

At the beginning of my tests I had a strange issue, I created a new user and played around with the assigned customized Permission Profile. For whatever reason, I couldn't manage it for that user to get the identities shown in the Logs and Reports. Even when I assigned this user the "Read Write All" or "Super User" Permissions Profile, this test user had the identities only hidden (******) in the Logs and Reports.

Maybe I did something wrong with the order or creating/adjusting the Permission Profile or limit user access via users.xml. But anyway it should have worked when assigning e.g. the "Super User" Permission Profile. So it seems to be some kind of bug.

Maybe that will help someone who faces the same issue.

Best Regards

Nenad

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events