Role Based Administration (RBA)

Description:

Access to gclish features is controlled by Role Based Administration (RBA): each user is assigned a role. Each role has a set of read-only features and a set of read-write features. Users are not exposed to any features other than the ones assigned to their role.

RBA configuration and properties for the 61000/41000 Security System are the same as for Gaia. See the Gaia Administration Guide for more details.

Notes:

  • Extended commands have no read/write notion. When an extended command is added to a role (either as read or write), it can be executed by the users assigned to this role, regardless of its implications.
  • Each extended command should be added to a role separately. Since the asg command is the "entrance" to the 61000/41000 Security System, it usually needs to be added to all roles.
  • To allow a user to run extended commands, the user's uid must be zero. This property is enforced when adding new users.
  • The user account information file located at /etc/passwd should not be edited by the user. RBA configuration should be performed only via gclish.

Example:

> add rba role myRole domain-type System readonly-features Chassis,interface readwrite-features route
> add user myUser uid 0 homedir /home/myUser
> set user myUser password
> add rba user myUser roles myRole
> show rba role myRole
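
The following Python sketch is an added example, not part of the original guide or of Check Point's tooling. It parses the gclish commands in the form shown above and reports, per user, the read-only features, read-write features and extended commands that can actually be executed, and it lists roles where an extended command was added as read-only (it is executable anyway). The `viewer` role, the `auditor` user, the comma-separated `roles` list and the contents of `EXTENDED` are assumptions made for illustration.

```python
import shlex

EXTENDED = {"asg"}  # assumption: caller supplies this set; "asg" is the one the page names

def _csv(value):
    return {v for v in value.split(",") if v}

def parse(lines):
    """Parse the three 'add' commands used in the page's example."""
    roles, uids, grants = {}, {}, {}
    for line in lines:
        tok = shlex.split(line.lstrip("> "))
        if tok[:3] == ["add", "rba", "role"]:
            opts = dict(zip(tok[4::2], tok[5::2]))
            roles[tok[3]] = (_csv(opts.get("readonly-features", "")),
                             _csv(opts.get("readwrite-features", "")))
        elif tok[:3] == ["add", "rba", "user"]:
            opts = dict(zip(tok[4::2], tok[5::2]))
            grants.setdefault(tok[3], set()).update(_csv(opts.get("roles", "")))
        elif tok[:2] == ["add", "user"]:
            opts = dict(zip(tok[3::2], tok[4::2]))
            uids[tok[2]] = int(opts["uid"])
    return roles, uids, grants

def effective_access(lines, extended=EXTENDED):
    """Per user: features by access level, plus extended commands they can run."""
    roles, uids, grants = parse(lines)
    out = {}
    for user, names in grants.items():
        ro, rw = set(), set()
        for n in names:
            r, w = roles.get(n, (set(), set()))
            ro |= r
            rw |= w
        ext = (ro | rw) & extended  # read vs. write listing makes no difference
        out[user] = {"readonly": ro - extended, "readwrite": rw - extended,
                     "execute": ext if uids.get(user) == 0 else set()}  # uid 0 required
    return out

def readonly_extended(lines, extended=EXTENDED):
    """Roles that list an extended command as read-only; it is executable anyway."""
    roles, _, _ = parse(lines)
    return sorted((name, cmd) for name, (ro, _) in roles.items() for cmd in ro & extended)

SAMPLE = [  # constructed input: first role is the page's example, the rest is made up
    "> add rba role myRole domain-type System readonly-features Chassis,interface readwrite-features route",
    "> add rba role viewer domain-type System readonly-features Chassis,asg",
    "> add user myUser uid 0 homedir /home/myUser",
    "> add user auditor uid 0 homedir /home/auditor",
    "> add rba user myUser roles myRole",
    "> add rba user auditor roles viewer",
]

if __name__ == "__main__":
    print(effective_access(SAMPLE))
    print(readonly_extended(SAMPLE))
```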
 
©2014 Check Point Software Technologies Ltd. All rights reserved.