Yes, that was also my thoughts. A webpage with own users and a "backend" wich has the Check Point API user.
At the moment my idea is to have time objects with tags. The tags helps to identify the time objects. The firewall
admin can build the rules needed and give the rules the time objects.
The non firewall user log into a webpage and sees only the time objects he could allow. A click and the time
object will be updated to allow the rule for some hours.
What would be the benefit of layers instead of time objects? At the moment I cannot use layers anyway. But I'm
always happy to hear opinions.
The requirement for such a scenario seems not to specific, perhaps there are other solutions which are I'm
not aware of.