This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Saps
Explorer
‎2025-08-12 01:40 AM

Policy Installation

Just assume user A and user B. The user A have made a changes in the policy and just published it without installing the policy. Then user B made another change in the same policy and installed the policy.

Is there any way to restrict the User B to install the policy what are the changes what he have done in Smart 1 Cloud console.

0 Kudos
6 Replies
Tal_Paz-Fridman
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2025-08-12 02:08 AM

You can implement SmartWorkflow - Approval Cycle for Sessions

https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_SecurityManagement_AdminGuide/Cont...

0 Kudos
Saps
Explorer
‎2025-08-12 05:27 AM
In response to Tal_Paz-Fridman

Hi Fridman, Thanks for your reply

We cannot give access for the other admin, but is there any way to restrict the previous changes only published by other admin while installing the policy.

0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
‎2025-08-12 09:57 AM
In response to Saps

When you push policy, all published changes are pushed. There is no way to cherry-pick which published changes you want to push. SmartWorkflow does not change this.

What SmartWorkflow can do is add a new step which essentially takes the place of publishing. Admin A would submit their changes. Admin B would submit their changes. These two submitted changes can then be reviewed, and if the review approves them, they are published.

But all published changes go out with the push.

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-08-12 05:33 AM

If you want to prevent User B from installing changes they didn’t make

There’s no direct setting that lets you say “install only my changes” in Smart-1 Cloud.
However, you can control this behavior with permissions and workflow changes:

  1. Role-Based Permissions

    • In SmartConsole → Manage & Settings → Permissions & Administrators, you can create roles where:

      • Users can publish their own changes.

      • Only specific users (e.g., policy managers) can install policy.

    • That way, User B can’t just install after making changes — only the approved admin can.

  2. Workflow with Approval

    • Use the "Install Policy Approval" process:

      • Assign "Policy Installation" to a separate administrator role.

      • Require a change request or peer review before the install is done.

    • This ensures that the installer is aware of all published changes before pushing.

  3. Avoid Premature Publishing

    • If User A does not publish right away, their changes remain in their private session, and User B’s install will not include them.

    • Once ready, User A can publish and request an install.

  4. Use Revisions for Tracking

    • In Smart-1 Cloud, you can view Revisions in the Logs & Monitor → Audit Logs / Revisions to see exactly what changes were included in a given install.

    • While this doesn’t stop the install, it lets you hold accountability.

0 Kudos
Saps
Explorer
‎2025-08-12 05:41 AM
In response to the_rock

Is there any proper document for the configuration of Work flow

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-08-12 06:40 AM
In response to Saps

https://sc1.checkpoint.com/documents/Sales_tools/DemoPoint/Quantum_R81.20/Topics/SmartWorkflow.htm

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events