Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Dima_M
Employee
Employee

SmartTask - Custom Permissions

R80.x Security Management makes team work easier by allowing to configure granular permission profiles, delegate ownership of different Layers to different administrators and more.

Sometimes, we might want to create "per object" permission, such profile can be very useful when we want to outsource parts of the policy or limit admins in team to specific object types.

 

This SmartTask allows us to further extend the permission profiles by running a custom script (Pre Publish)that ensures that the administrators included in Custom Data "admins" field only modify objects that hold the tag specified in the "allowed tag" field.

You can download the attached SmartTask in txt format and import it to your Security Management Server. Right after import, you'll find the SmartTask itself in Manage and Settings > SmartTasks, the script it uses resides in Scripts Repository (Gateways & Servers > Scripts).

 

cp2.png

2 Replies
Jarvis_Lin
Collaborator

Will it still work in R81.20?

Regardless of whether there is a tag "DMZ" or not, the results of my test can be successfully written to the object

0 Kudos
Michele_Gullia
Employee
Employee

In my lab R81.20 I had to made some change in the script to make it works:

- the script runs local on mgt so no base64 is needed to convert the $1

-in my env the $1 it's the location of a temp file in the mgt that contain the json output of "show changes" API 

So the trigger_json variable can be populated with this command:

               trigger_json=$(cat $1)

then there is a problem in the message2 variable output that contains " that corrupts the script output so I've also make this change:

from    m2=${m2//\"/\\\"}

to       m2=$(echo "$m2" | sed 's/\"/\'\''/g')

I've attached my version here. the script can be imported using the script repository import gui from smart console and than you can edit the SmartTask  by selecting my script.

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events