Junos Space Developer

Possible user privilege per SRX on SD?

2 weeks ago

Hi all,

May I know whether in SD we can restrict a user so that they can access only a certain firewall in SD? For example, in SD I have 10 SRX, but user A can see just 1 SRX only? If possible, can you show me the steps?

Thanks, and I appreciate your feedback.

3 REPLIES

Re: Possible user privilege per SRX on SD?

2 weeks ago

Hi kronicklez,

The below document has details on assigning and unassigning users to domains. This should help you:

https://www.juniper.net/documentation/en_US/junos-space18.3/topics/task/multi-task/junos-space-domai...

 

The below Security Director guide should be able to give you additional details about other features:

https://www.juniper.net/documentation/en_US/junos-space18.4/information-products/pathway-pages/secur...

 

Hope this helps :)

Please mark "Accepted Solution" if this works for you.

Kudos would be very much appreciated. :)


Re: Possible user privilege per SRX on SD?

2 weeks ago
Hi,

From Space or SD, user privilege restriction can be configured by creating a user account and assigning a specific role to it.
As per the example which you have shared, you will have to create specific domains for it. Then map the particular SRX and user to a particular domain so that the users assigned to that domain can access only that SRX and the policies related to it.

https://www.juniper.net/documentation/en_US/junos-space17.2/topics/task/configuration/junos-space-us...

For domains: https://www.juniper.net/documentation/en_US/junos-space17.2/topics/task/configuration/junos-space-do...

Regards
-Animesh
If this worked for you please flag my post as an "Accepted Solution" so others can be benefited.

Re: Possible user privilege per SRX on SD?

2 weeks ago
Hi,

Also, it's important to check that domain mapping is done correctly for the users. Once you assign a user to a domain, the same user will be restricted to that domain.

The SRX also needs to be managed from the domain for which you want the specific user restriction.
You can also move an SRX across domains, but you need to be careful, as we need to move the specific policies and objects linked to that SRX as well from one domain to another.

Please ensure you do not enable Object visibility across domains, as that allows users from a separate domain to view objects of the parent domain.

Refer to the RBAC overview guide in Space and SD for more details:
https://www.juniper.net/documentation/en_US/junos-space17.2/topics/concept/junos-space-domain-rbac-o...

Regards
-Animesh
If this worked for you please flag my post as an "Accepted Solution" so others can be benefited.