Role-Based Access Control for Managing and Overriding Security Checks
Learn about the new permissions introduced to manage security checks, security check
exceptions, and overriding security checks.
Strata Cloud Manager introduces new permissions to enforce access control for
managing security checks, managing security check exceptions, and overriding
security check block actions. These permissions offer granular control and enhance
security by preventing users from making unauthorized changes to the security checks
essential for maintaining compliance. The new permissions are:
Manage Security Checks
Security checks are a set of predefined best practice checks and custom checks that evaluate your configuration and identify deviations.
To view predefined best practice checks and perform actions such as creating, editing, deleting, or cloning custom checks, you will now need the necessary read and write access for the Manage Security Check permission.
Manage Security Check Exceptions
Security check exceptions allow you to turn off specific security checks for certain devices in your environment.
To manage and view the security check exceptions, you will now need the necessary read and write access for the Manage Security Check Exception permission.
Override Security Check Block Action
You can override the security check block action in two ways:
  When you push the configuration to the firewall, you can choose to ignore security check failures and continue with the push operation.
  When you create or edit a Security Policy Rule, Strata Cloud Manager validates the rules against existing security checks. If the checks fail, you can choose to override and save the rule.
To perform any of the above override operations, you will now need read and write access for the Override Security Check Block Action permission.
The following table outlines the predefined roles and the associated
new permissions:
Roles
Permissions
Superuser
Includes read and write access for the following permissions:
  Manage Security Checks
  Manage Security Check Exception
  Override Security Check Block Action
Network Administrator
Security Administrator
View Only Administrator
Includes read-only access for the following permissions:
  Manage Security Checks
  Manage Security Check Exception
For all other predefined roles, Strata Cloud Manager hides the Security Checks and Security Check Exceptions tabs in the Security Posture Settings. Alternatively, you can create custom roles or edit existing ones and configure the necessary permissions to view, manage, and override security checks.