This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Dave_Hoggan
Contributor
‎2017-11-23 10:42 AM

R80.xx Administrator Delegation

Hi,

Under R80.xx one of the new features is the ability to delegate policy control to specific administrators - a feature we've had customers ask for in the past, so are excited to see available. But one of the issues I can't find an answer to is: how can we lock an administrator to specific objects? So far, all I can see is that a given administrator can either have read-only or read-write to ALL objects.

Given this, administrator 1  - who I have delegated to have access to only interior firewall policies - can still disrupt policies on exterior firewalls by editing or deleting objects used by the exterior firewall policies. Next time the policy is installed on the exterior firewall, the damage is done.

I cannot see any way in the product to only allow a subset of objects to be edited by a given administrator, and the only way I can think of achieving this would be to use tags on the objects and specify which tags the administrator can 'control'.

Am I missing something?

Thanks,


Dave 

0 Kudos
0 Replies

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events