Locking down shared object permissions for MC Admin needs to specify every single share object
Article ID: 420926
Updated On:
Products
Issue/Introduction
Large Edge SWG environment managed via Management Center.
Role based access control is enabled where certain administrators can perform different tasks using the associated roles and permissions setup.
For additional security, the global administrator wanted to restrict role based permissions to shared objects; when adding permissions for the Policy object and adding a filter, all the policies including shared objects are available for selection but only one can be selected. Selecting a second policy in the screenshot below de-selects the first policy. If the admin wants to apply restrictions to more than one policy, a new policy object must be added with the additional policy. When trying to restrict many policies, this task can become cumbersome.
Is there a way to select policy and just edit shared objects?
Environment
Management Center.
Edge and Cloud SWG devices.
Shared objects.
Cause
Working as designed.
Resolution
When permissions to policy objects are applied, they must be applied one policy objects or shared object at a time i.e. the existing setup described above is working as designed.
Feedback
