Role-based administration (RBA) lets you create administrative roles for users. With RBA, an administrator can allow GaiaClosed Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. users to access specified features by including those features in a role and assigning that role to users. Each role can include a combination of administrative (read/write) access to some features, monitoring (read‑only) access to other features, and no access to other features.

You can also specify which access mechanisms (Gaia PortalClosed Web interface for the Check Point Gaia operating system., or Gaia ClishClosed The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell).) are available to the user.

Note - When users log in to the Gaia Portal, they see only those features to which they have read-only or read/write access. If they have read-only access to a feature, they can see the settings pages, but cannot change the settings.

Gaia includes these predefined roles:




Gives the user read/write access to all features.


Gives the user read-only access to all features.


  • You cannot delete or change the predefined roles.

  • Do not define a new user for external users.

    An external user is one that is defined on an authentication server (such as RADIUS or TACACS), and not on the local Gaia system.