This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
shenaitejas
Participant
‎2022-10-20 02:51 AM
Jump to solution

Admin access to only specific gateway

Hi Team,

I have two user in smart console and both having read/write access.Also i have 2 gateways as A and B so is it possible to configure admin 1 can change policies of only gateway A and admin 2 can change only policies of gateway B.If yes please let me know.

Thanks in advance.

0 Kudos
1 Solution

Accepted Solutions
Tal_Paz-Fridman
Employee
Employee
‎2022-10-20 08:22 AM
Jump to solution

You'll need to to assign a Permission Profile for each administrator, then attach that Profile to the relevant Policy Layer (part of the overall Policy). Here are the general steps:

1| For each Administrator define a different Read/Write Permission Profile (even if the actual settings are identical).

2| Define two Policy Packages - one for each Security Gateway

3| The Policy Package is made of the specific Policy Layers, so assign each one with the relevant Permission Profile:

Menu > Manage policies and layers > layers > Access Control > Select the Layer name belonging to the Policy > Edit > Permissions

4| Add the relevant Permission Profiles

 

The end result is two policies that can be changed only by the relevant administrator.

 

2022-10-20 18_20_28-Layer Editor.png

View solution in original post

4 Replies
Tal_Paz-Fridman
Employee
Employee
‎2022-10-20 08:22 AM
Jump to solution

You'll need to to assign a Permission Profile for each administrator, then attach that Profile to the relevant Policy Layer (part of the overall Policy). Here are the general steps:

1| For each Administrator define a different Read/Write Permission Profile (even if the actual settings are identical).

2| Define two Policy Packages - one for each Security Gateway

3| The Policy Package is made of the specific Policy Layers, so assign each one with the relevant Permission Profile:

Menu > Manage policies and layers > layers > Access Control > Select the Layer name belonging to the Policy > Edit > Permissions

4| Add the relevant Permission Profiles

 

The end result is two policies that can be changed only by the relevant administrator.

 

2022-10-20 18_20_28-Layer Editor.png

PhoneBoy
Admin
Admin
‎2022-10-20 12:11 PM
In response to Tal_Paz-Fridman
Jump to solution

One caveat with this approach: both administrators will have access to edit the underlying objects, which can affect policies on both gateways.
For true separation of duties where each gateway has its own set of objects modifiable only by the relevant administrator, you need Multi-Domain.

0 Kudos
the_rock
Legend
Legend
‎2022-10-20 09:40 AM
Jump to solution

@Tal_Paz-Fridman gave you perfect response.

0 Kudos
shenaitejas
Participant
‎2022-10-21 07:27 AM
Jump to solution

Thank you all..I will check it.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events