cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Restrict access to specific policies

Jump to solution

Is it possible to restrict SmartConsole administrators to only access specific policies?

I would like to be able to create read-only SmartConsole users that have access to only specific access rule policies (and NATs) in on domain.

I am using MDS R80.10

1 Solution

Accepted Solutions

Re: Restrict access to specific policies

Jump to solution

Hi, currently with R80.10 you can limit the editing to specific access control layers.

Showing or hiding specific policies with R80.10 is a matter of all-or-nothing. If you use a Multi-Domain Management server you can restrict entire domain from administrators, but you cannot hide some of the policies and show the others in the same domain.

Hope this helps

View solution in original post

8 Replies
ED
Silver

Re: Restrict access to specific policies

Jump to solution

I have not tested it but you could try following:

1. Create a new permission profile. Manage & settings > Permissions & Administrators > Permission profiles. Create a new with something like this:

Disable (remove the check mark) on most of the other settings. 

2. Create a new administrator and assign the newly created permissions profile from step 1. 

3. Open a security policy > Right click on Policy > Edit policy > Network  > Drop down menu on right > Edit layer > Permissions > Select additional profiles thatt will be able to edit this layer. Select the profile we created in step 1. 

0 Kudos

Re: Restrict access to specific policies

Jump to solution

Enis, your method is similar to how I tried before submitting the question. I've tried your method exactly and got further, but my new profile just shows as an option to edit (rather than view) the Access Control layer.

0 Kudos
ED
Silver

Re: Restrict access to specific policies

Jump to solution

Yeah I see it now, it was a bad suggestion from me because it says with this sentence "Select additional profiles that will be able to edit this layer". It only gives you ability to edit and that is not what you want. It's like Tomer said, all or nothing Smiley Happy 

Re: Restrict access to specific policies

Jump to solution

or move that to a Domain (Multi-Domain Management)

0 Kudos

Re: Restrict access to specific policies

Jump to solution

Hi, currently with R80.10 you can limit the editing to specific access control layers.

Showing or hiding specific policies with R80.10 is a matter of all-or-nothing. If you use a Multi-Domain Management server you can restrict entire domain from administrators, but you cannot hide some of the policies and show the others in the same domain.

Hope this helps

View solution in original post

Re: Restrict access to specific policies

Jump to solution

That's what I was afraid of, but thanks for confirming. I guess we'll need a specific domain, or use another tool (i.e. Firemon) to provide read only access.

0 Kudos

Re: Restrict access to specific policies

Jump to solution

Hi Tomer,

Is it in your road-map to develop the option for newer versions? - it is very basic demand for customer that are not bigger enough to use Multi Domain Manager but still have some sites with IT/SEC team that they want to give them access for their specific site to allow access for their users on regular basis.

Best Regards,

Aviad

0 Kudos
Highlighted

Re: Restrict access to specific policies

Jump to solution
For this type of setup you should be able to create a plociy with a layer per location, in the layer itself you can set permissions.
Regards, Maarten
0 Kudos