Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ivo_Hrbacek
Contributor
Contributor
Jump to solution

Permission profile just for one inline layer

Hi,

playing with profiles and have a question, I have few people who should have read only just to ONE inline layer. I can create profile, see below, and I am using this profile just in this layer. Anyway my user assigned to this profile can see other policies in read only because this way just limit write access. Is there a way how to change this behavior? and allow users to have read only just to one layer?

thx!

layer settings:

profile:

else policy settings:

1 Solution

Accepted Solutions
Tomer_Sole
Mentor
Mentor

Hi,

With Permissions Per Layer, you can either have:

- Show all policies and edit specific layers

- Show and edit all policies and layers

- Not see any security policy

You cannot limit users from seeing just some of the layers with R80.10 unfortunately.

One workaround that I can offer would be a self service portal which uses the API commands and limits specific users through that portal, but it won't be as part of SmartConsole.

Hope this helps.

View solution in original post

9 Replies
PhoneBoy
Admin
Admin

Just to clarify your question: you only want to allow a specific user to read a specific layer, and not other layers that might be in use, correct?

As far as I know (and https://community.checkpoint.com/people/tomera5b2e7f3-09aa-32f8-96c2-f0f5bfa2988b‌ should be able to confirm), this is not possible at the moment.

0 Kudos
Tomer_Sole
Mentor
Mentor

Hi,

With Permissions Per Layer, you can either have:

- Show all policies and edit specific layers

- Show and edit all policies and layers

- Not see any security policy

You cannot limit users from seeing just some of the layers with R80.10 unfortunately.

One workaround that I can offer would be a self service portal which uses the API commands and limits specific users through that portal, but it won't be as part of SmartConsole.

Hope this helps.

Ivo_Hrbacek
Contributor
Contributor

Hello Tomer,

back to this question.. do you have some self service portal code which can be shared and used as a template? I do not want to start from scratch you know

thx

ivo

PhoneBoy
Admin
Admin
Ivo_Hrbacek
Contributor
Contributor

thx

G_W_Albrecht
Legend Legend
Legend

Is there any chance that this will be possible in future versions ?

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
PhoneBoy
Admin
Admin

Possibly, but can't commit Smiley Happy

0 Kudos
Jonas_Reiter
Employee
Employee

Is there anything new about this in R82?

0 Kudos
PhoneBoy
Admin
Admin

As near as I can tell, this is still not possible in R82.
If you have this as a requirement, please bring it through your local Check Point office with an RFE.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events