Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
shenaitejas
Participant
Jump to solution

Admin access to only specific gateway

Hi Team,

I have two user in smart console and both having read/write access.Also i have 2 gateways as A and B so is it possible to configure admin 1 can change policies of only gateway A and admin 2 can change only policies of gateway B.If yes please let me know.

Thanks in advance.

0 Kudos
1 Solution

Accepted Solutions
Tal_Paz-Fridman
Employee
Employee

You'll need to to assign a Permission Profile for each administrator, then attach that Profile to the relevant Policy Layer (part of the overall Policy). Here are the general steps:

1| For each Administrator define a different Read/Write Permission Profile (even if the actual settings are identical).

2| Define two Policy Packages - one for each Security Gateway

3| The Policy Package is made of the specific Policy Layers, so assign each one with the relevant Permission Profile:

Menu > Manage policies and layers > layers > Access Control > Select the Layer name belonging to the Policy > Edit > Permissions

4| Add the relevant Permission Profiles

 

The end result is two policies that can be changed only by the relevant administrator.

 

2022-10-20 18_20_28-Layer Editor.png

View solution in original post

4 Replies
Tal_Paz-Fridman
Employee
Employee

You'll need to to assign a Permission Profile for each administrator, then attach that Profile to the relevant Policy Layer (part of the overall Policy). Here are the general steps:

1| For each Administrator define a different Read/Write Permission Profile (even if the actual settings are identical).

2| Define two Policy Packages - one for each Security Gateway

3| The Policy Package is made of the specific Policy Layers, so assign each one with the relevant Permission Profile:

Menu > Manage policies and layers > layers > Access Control > Select the Layer name belonging to the Policy > Edit > Permissions

4| Add the relevant Permission Profiles

 

The end result is two policies that can be changed only by the relevant administrator.

 

2022-10-20 18_20_28-Layer Editor.png

PhoneBoy
Admin
Admin

One caveat with this approach: both administrators will have access to edit the underlying objects, which can affect policies on both gateways.
For true separation of duties where each gateway has its own set of objects modifiable only by the relevant administrator, you need Multi-Domain.

0 Kudos
the_rock
Legend
Legend

@Tal_Paz-Fridman gave you perfect response.

0 Kudos
shenaitejas
Participant

Thank you all..I will check it.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events