Custom Roles and Permissions

For an overview of Smart-1 Cloud role management, see Roles and Permissions.

Smart-1 Cloud supports custom permission profiles that allow administrators to define granular access levels based on organizational needs.

Custom permission profiles are created in Web, Streamed, or installed SmartConsole and automatically synchronized to the Check Point Portal as assignable Smart-1 Cloud service roles.

Limitations

Some permissions require full administrator access and cannot be delegated through custom roles:

Inspect Files (.DEF)
Forward to SIEM
Zero Touch

When users require these capabilities, assign them a role with administrator‑level permissions.

Snapshot Restore Considerations

If Smart-1 Cloud is restored from a snapshot, custom roles created after the snapshot may still appear in the Check Point Portal if they were previously assigned to users.

Users assigned to these roles might be unable to connect to Smart-1 Cloud.

To resolve this, remove the affected custom roles from the user profiles.

Role Interaction

Custom permission profiles appear in the portal as additional Smart-1 Cloud service roles.
Permissions from predefined and custom service roles are additive.
Assigning a custom role does not override predefined permissions.

Tasks

Creating a Custom Permission Profile

Log in to the Web, Streamed, or installed SmartConsole.
Go to Manage & Settings and then select Permissions & Administrators.
Select Permission Profiles.
Click New.
In the Permissions section, select Customized.
Configure the required permissions.
Click OK. The profile shows in the Permission Profiles page.
Assign the new profile to administrators.
Publish the SmartConsole session.
Install the policy.

Assigning a Custom Role in the Check Point Portal

See instruction in the Check Point PortalAdministration Guide > Account Settings > Users > Specific Service Roles and select the custom role you created in SmartConsole (Web, Streamed, or installed).