How to restrict to Policy Push alone?

[ppnair@gmail.com]

Hi Guys,

I would appreciate any inputs on this. I have to provide GUI access to operations folks on Fw-1 NGX R62 firewalls Smart Dashborad.

My question is: How can I restrict a user only allowed to push [Install] the policy. Read-only mode will not allow this, Read-write mode aloows everything which they have access to change rules, delete objects etc.

So from the operations perspective I am looking for a user access with only install policy.

Thanks in advance

Praveen

[dantro]

Create a permission read/write profile that matches your requirements as close as possible. Use this profile for the admin account in question.

[dondma]

Another possibility is that if the admin(s) have access to the enforcement module console, they can run a command to 'pull' the policy, thereby eliminating the need to access to Smart Dashboard. This is done using the 'fw fetch' command

[Thorpuse]

I had a chat with CP Product Managers about this exact same issue at CPX. They are looking into an "Approver" and "Installer" role in the next version, although if they get more people asking for it they may accelerate this. I'd strongly suggest you submit this as an RFE so that they see the need.

[ppnair@gmail.com]

Hi Dantro, Dondma and Thorpuse,

Appreciate your responses. As Thorpuse explained I should submit a RFE for this specific need. In my understanding there is no way to edit some config files or any other methods to restrict an user only to allow him to simply push the policy. With the read/write he can do everything; read-only he cannot push the policy. So I need something in between for operations.

Any other experts figured this out there? I would appreciate if any..

Thanks and Regards,

Praveen
I silently pray for our 9/11 victims and families. God Bless America !