Viewing docs for checkpoint 3.0.0
published on Monday, Mar 30, 2026 by checkpointsw
published on Monday, Mar 30, 2026 by checkpointsw
Viewing docs for checkpoint 3.0.0
published on Monday, Mar 30, 2026 by checkpointsw
published on Monday, Mar 30, 2026 by checkpointsw
This resource allows you to execute Check Point Domain Permissions Profile.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as checkpoint from "@pulumi/checkpoint";
const example = new checkpoint.ManagementDomainPermissionsProfile("example", {name: "customize profile"});
import pulumi
import pulumi_checkpoint as checkpoint
example = checkpoint.ManagementDomainPermissionsProfile("example", name="customize profile")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/checkpoint/v3/checkpoint"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := checkpoint.NewManagementDomainPermissionsProfile(ctx, "example", &checkpoint.ManagementDomainPermissionsProfileArgs{
Name: pulumi.String("customize profile"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Checkpoint = Pulumi.Checkpoint;
return await Deployment.RunAsync(() =>
{
var example = new Checkpoint.ManagementDomainPermissionsProfile("example", new()
{
Name = "customize profile",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.checkpoint.ManagementDomainPermissionsProfile;
import com.pulumi.checkpoint.ManagementDomainPermissionsProfileArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ManagementDomainPermissionsProfile("example", ManagementDomainPermissionsProfileArgs.builder()
.name("customize profile")
.build());
}
}
resources:
example:
type: checkpoint:ManagementDomainPermissionsProfile
properties:
name: customize profile
Create ManagementDomainPermissionsProfile Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ManagementDomainPermissionsProfile(name: string, args?: ManagementDomainPermissionsProfileArgs, opts?: CustomResourceOptions);@overload
def ManagementDomainPermissionsProfile(resource_name: str,
args: Optional[ManagementDomainPermissionsProfileArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def ManagementDomainPermissionsProfile(resource_name: str,
opts: Optional[ResourceOptions] = None,
access_control: Optional[ManagementDomainPermissionsProfileAccessControlArgs] = None,
color: Optional[str] = None,
comments: Optional[str] = None,
edit_common_objects: Optional[bool] = None,
endpoint: Optional[ManagementDomainPermissionsProfileEndpointArgs] = None,
events_and_reports: Optional[ManagementDomainPermissionsProfileEventsAndReportsArgs] = None,
gateways: Optional[ManagementDomainPermissionsProfileGatewaysArgs] = None,
ignore_errors: Optional[bool] = None,
ignore_warnings: Optional[bool] = None,
management: Optional[ManagementDomainPermissionsProfileManagementArgs] = None,
management_domain_permissions_profile_id: Optional[str] = None,
monitoring_and_logging: Optional[ManagementDomainPermissionsProfileMonitoringAndLoggingArgs] = None,
name: Optional[str] = None,
others: Optional[ManagementDomainPermissionsProfileOthersArgs] = None,
permission_type: Optional[str] = None,
tags: Optional[Sequence[str]] = None,
threat_prevention: Optional[ManagementDomainPermissionsProfileThreatPreventionArgs] = None)func NewManagementDomainPermissionsProfile(ctx *Context, name string, args *ManagementDomainPermissionsProfileArgs, opts ...ResourceOption) (*ManagementDomainPermissionsProfile, error)public ManagementDomainPermissionsProfile(string name, ManagementDomainPermissionsProfileArgs? args = null, CustomResourceOptions? opts = null)
public ManagementDomainPermissionsProfile(String name, ManagementDomainPermissionsProfileArgs args)
public ManagementDomainPermissionsProfile(String name, ManagementDomainPermissionsProfileArgs args, CustomResourceOptions options)
type: checkpoint:ManagementDomainPermissionsProfile
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ManagementDomainPermissionsProfileArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ManagementDomainPermissionsProfileArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ManagementDomainPermissionsProfileArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ManagementDomainPermissionsProfileArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ManagementDomainPermissionsProfileArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var managementDomainPermissionsProfileResource = new Checkpoint.ManagementDomainPermissionsProfile("managementDomainPermissionsProfileResource", new()
{
AccessControl = new Checkpoint.Inputs.ManagementDomainPermissionsProfileAccessControlArgs
{
AccessControlObjectsAndSettings = "string",
AppControlAndUrlFilteringUpdate = false,
DlpPolicy = "string",
GeoControlPolicy = "string",
InstallPolicy = false,
NatPolicy = "string",
PolicyLayers = new Checkpoint.Inputs.ManagementDomainPermissionsProfileAccessControlPolicyLayersArgs
{
AppControlAndUrlFiltering = false,
ContentAwareness = false,
EditLayers = "string",
Firewall = false,
MobileAccess = false,
},
QosPolicy = "string",
ShowPolicy = false,
},
Color = "string",
Comments = "string",
EditCommonObjects = false,
Endpoint = new Checkpoint.Inputs.ManagementDomainPermissionsProfileEndpointArgs
{
AllowExecutingPushOperations = false,
AuthorizePrebootUsers = false,
EditEndpointPolicies = false,
EditSoftwareDeployment = false,
ManagePoliciesAndSoftwareDeployment = false,
PoliciesInstallation = false,
RecoveryMedia = false,
RemoteHelp = false,
ResetComputerData = false,
SoftwareDeploymentInstallation = false,
},
EventsAndReports = new Checkpoint.Inputs.ManagementDomainPermissionsProfileEventsAndReportsArgs
{
Events = "string",
Policy = "string",
Reports = false,
SmartEvent = "string",
},
Gateways = new Checkpoint.Inputs.ManagementDomainPermissionsProfileGatewaysArgs
{
LsmGwDb = "string",
ManageProvisioningProfiles = "string",
ManageRepositoryScripts = "string",
OpenShell = false,
RunOneTimeScript = false,
RunRepositoryScript = false,
SmartUpdate = "string",
SystemBackup = false,
SystemRestore = false,
VsxProvisioning = false,
},
IgnoreErrors = false,
IgnoreWarnings = false,
Management = new Checkpoint.Inputs.ManagementDomainPermissionsProfileManagementArgs
{
ApproveOrRejectSessions = false,
CmeOperations = "string",
HighAvailabilityOperations = false,
ManageAdmins = false,
ManageIntegrationWithCloudServices = false,
ManageSessions = false,
ManagementApiLogin = false,
PublishSessions = false,
},
ManagementDomainPermissionsProfileId = "string",
MonitoringAndLogging = new Checkpoint.Inputs.ManagementDomainPermissionsProfileMonitoringAndLoggingArgs
{
AppAndUrlFilteringLogs = false,
DlpLogsIncludingConfidentialFields = false,
HttpsInspectionLogs = false,
Identities = false,
ManageDlpMessages = false,
ManagementLogs = "string",
Monitoring = "string",
PacketCaptureAndForensics = false,
ShowIdentitiesByDefault = false,
ShowPacketCaptureByDefault = false,
TrackLogs = "string",
},
Name = "string",
Others = new Checkpoint.Inputs.ManagementDomainPermissionsProfileOthersArgs
{
ClientCertificates = false,
EditCpUsersDb = false,
HttpsInspection = "string",
LdapUsersDb = "string",
UserAuthorityAccess = "string",
UserDeviceMgmtConf = "string",
},
PermissionType = "string",
Tags = new[]
{
"string",
},
ThreatPrevention = new Checkpoint.Inputs.ManagementDomainPermissionsProfileThreatPreventionArgs
{
EditLayers = "string",
EditSettings = false,
InstallPolicy = false,
IpsUpdate = false,
PolicyExceptions = "string",
PolicyLayers = "string",
Profiles = "string",
Protections = "string",
},
});
example, err := checkpoint.NewManagementDomainPermissionsProfile(ctx, "managementDomainPermissionsProfileResource", &checkpoint.ManagementDomainPermissionsProfileArgs{
AccessControl: &checkpoint.ManagementDomainPermissionsProfileAccessControlArgs{
AccessControlObjectsAndSettings: pulumi.String("string"),
AppControlAndUrlFilteringUpdate: pulumi.Bool(false),
DlpPolicy: pulumi.String("string"),
GeoControlPolicy: pulumi.String("string"),
InstallPolicy: pulumi.Bool(false),
NatPolicy: pulumi.String("string"),
PolicyLayers: &checkpoint.ManagementDomainPermissionsProfileAccessControlPolicyLayersArgs{
AppControlAndUrlFiltering: pulumi.Bool(false),
ContentAwareness: pulumi.Bool(false),
EditLayers: pulumi.String("string"),
Firewall: pulumi.Bool(false),
MobileAccess: pulumi.Bool(false),
},
QosPolicy: pulumi.String("string"),
ShowPolicy: pulumi.Bool(false),
},
Color: pulumi.String("string"),
Comments: pulumi.String("string"),
EditCommonObjects: pulumi.Bool(false),
Endpoint: &checkpoint.ManagementDomainPermissionsProfileEndpointArgs{
AllowExecutingPushOperations: pulumi.Bool(false),
AuthorizePrebootUsers: pulumi.Bool(false),
EditEndpointPolicies: pulumi.Bool(false),
EditSoftwareDeployment: pulumi.Bool(false),
ManagePoliciesAndSoftwareDeployment: pulumi.Bool(false),
PoliciesInstallation: pulumi.Bool(false),
RecoveryMedia: pulumi.Bool(false),
RemoteHelp: pulumi.Bool(false),
ResetComputerData: pulumi.Bool(false),
SoftwareDeploymentInstallation: pulumi.Bool(false),
},
EventsAndReports: &checkpoint.ManagementDomainPermissionsProfileEventsAndReportsArgs{
Events: pulumi.String("string"),
Policy: pulumi.String("string"),
Reports: pulumi.Bool(false),
SmartEvent: pulumi.String("string"),
},
Gateways: &checkpoint.ManagementDomainPermissionsProfileGatewaysArgs{
LsmGwDb: pulumi.String("string"),
ManageProvisioningProfiles: pulumi.String("string"),
ManageRepositoryScripts: pulumi.String("string"),
OpenShell: pulumi.Bool(false),
RunOneTimeScript: pulumi.Bool(false),
RunRepositoryScript: pulumi.Bool(false),
SmartUpdate: pulumi.String("string"),
SystemBackup: pulumi.Bool(false),
SystemRestore: pulumi.Bool(false),
VsxProvisioning: pulumi.Bool(false),
},
IgnoreErrors: pulumi.Bool(false),
IgnoreWarnings: pulumi.Bool(false),
Management: &checkpoint.ManagementDomainPermissionsProfileManagementArgs{
ApproveOrRejectSessions: pulumi.Bool(false),
CmeOperations: pulumi.String("string"),
HighAvailabilityOperations: pulumi.Bool(false),
ManageAdmins: pulumi.Bool(false),
ManageIntegrationWithCloudServices: pulumi.Bool(false),
ManageSessions: pulumi.Bool(false),
ManagementApiLogin: pulumi.Bool(false),
PublishSessions: pulumi.Bool(false),
},
ManagementDomainPermissionsProfileId: pulumi.String("string"),
MonitoringAndLogging: &checkpoint.ManagementDomainPermissionsProfileMonitoringAndLoggingArgs{
AppAndUrlFilteringLogs: pulumi.Bool(false),
DlpLogsIncludingConfidentialFields: pulumi.Bool(false),
HttpsInspectionLogs: pulumi.Bool(false),
Identities: pulumi.Bool(false),
ManageDlpMessages: pulumi.Bool(false),
ManagementLogs: pulumi.String("string"),
Monitoring: pulumi.String("string"),
PacketCaptureAndForensics: pulumi.Bool(false),
ShowIdentitiesByDefault: pulumi.Bool(false),
ShowPacketCaptureByDefault: pulumi.Bool(false),
TrackLogs: pulumi.String("string"),
},
Name: pulumi.String("string"),
Others: &checkpoint.ManagementDomainPermissionsProfileOthersArgs{
ClientCertificates: pulumi.Bool(false),
EditCpUsersDb: pulumi.Bool(false),
HttpsInspection: pulumi.String("string"),
LdapUsersDb: pulumi.String("string"),
UserAuthorityAccess: pulumi.String("string"),
UserDeviceMgmtConf: pulumi.String("string"),
},
PermissionType: pulumi.String("string"),
Tags: pulumi.StringArray{
pulumi.String("string"),
},
ThreatPrevention: &checkpoint.ManagementDomainPermissionsProfileThreatPreventionArgs{
EditLayers: pulumi.String("string"),
EditSettings: pulumi.Bool(false),
InstallPolicy: pulumi.Bool(false),
IpsUpdate: pulumi.Bool(false),
PolicyExceptions: pulumi.String("string"),
PolicyLayers: pulumi.String("string"),
Profiles: pulumi.String("string"),
Protections: pulumi.String("string"),
},
})
var managementDomainPermissionsProfileResource = new ManagementDomainPermissionsProfile("managementDomainPermissionsProfileResource", ManagementDomainPermissionsProfileArgs.builder()
.accessControl(ManagementDomainPermissionsProfileAccessControlArgs.builder()
.accessControlObjectsAndSettings("string")
.appControlAndUrlFilteringUpdate(false)
.dlpPolicy("string")
.geoControlPolicy("string")
.installPolicy(false)
.natPolicy("string")
.policyLayers(ManagementDomainPermissionsProfileAccessControlPolicyLayersArgs.builder()
.appControlAndUrlFiltering(false)
.contentAwareness(false)
.editLayers("string")
.firewall(false)
.mobileAccess(false)
.build())
.qosPolicy("string")
.showPolicy(false)
.build())
.color("string")
.comments("string")
.editCommonObjects(false)
.endpoint(ManagementDomainPermissionsProfileEndpointArgs.builder()
.allowExecutingPushOperations(false)
.authorizePrebootUsers(false)
.editEndpointPolicies(false)
.editSoftwareDeployment(false)
.managePoliciesAndSoftwareDeployment(false)
.policiesInstallation(false)
.recoveryMedia(false)
.remoteHelp(false)
.resetComputerData(false)
.softwareDeploymentInstallation(false)
.build())
.eventsAndReports(ManagementDomainPermissionsProfileEventsAndReportsArgs.builder()
.events("string")
.policy("string")
.reports(false)
.smartEvent("string")
.build())
.gateways(ManagementDomainPermissionsProfileGatewaysArgs.builder()
.lsmGwDb("string")
.manageProvisioningProfiles("string")
.manageRepositoryScripts("string")
.openShell(false)
.runOneTimeScript(false)
.runRepositoryScript(false)
.smartUpdate("string")
.systemBackup(false)
.systemRestore(false)
.vsxProvisioning(false)
.build())
.ignoreErrors(false)
.ignoreWarnings(false)
.management(ManagementDomainPermissionsProfileManagementArgs.builder()
.approveOrRejectSessions(false)
.cmeOperations("string")
.highAvailabilityOperations(false)
.manageAdmins(false)
.manageIntegrationWithCloudServices(false)
.manageSessions(false)
.managementApiLogin(false)
.publishSessions(false)
.build())
.managementDomainPermissionsProfileId("string")
.monitoringAndLogging(ManagementDomainPermissionsProfileMonitoringAndLoggingArgs.builder()
.appAndUrlFilteringLogs(false)
.dlpLogsIncludingConfidentialFields(false)
.httpsInspectionLogs(false)
.identities(false)
.manageDlpMessages(false)
.managementLogs("string")
.monitoring("string")
.packetCaptureAndForensics(false)
.showIdentitiesByDefault(false)
.showPacketCaptureByDefault(false)
.trackLogs("string")
.build())
.name("string")
.others(ManagementDomainPermissionsProfileOthersArgs.builder()
.clientCertificates(false)
.editCpUsersDb(false)
.httpsInspection("string")
.ldapUsersDb("string")
.userAuthorityAccess("string")
.userDeviceMgmtConf("string")
.build())
.permissionType("string")
.tags("string")
.threatPrevention(ManagementDomainPermissionsProfileThreatPreventionArgs.builder()
.editLayers("string")
.editSettings(false)
.installPolicy(false)
.ipsUpdate(false)
.policyExceptions("string")
.policyLayers("string")
.profiles("string")
.protections("string")
.build())
.build());
management_domain_permissions_profile_resource = checkpoint.ManagementDomainPermissionsProfile("managementDomainPermissionsProfileResource",
access_control={
"access_control_objects_and_settings": "string",
"app_control_and_url_filtering_update": False,
"dlp_policy": "string",
"geo_control_policy": "string",
"install_policy": False,
"nat_policy": "string",
"policy_layers": {
"app_control_and_url_filtering": False,
"content_awareness": False,
"edit_layers": "string",
"firewall": False,
"mobile_access": False,
},
"qos_policy": "string",
"show_policy": False,
},
color="string",
comments="string",
edit_common_objects=False,
endpoint={
"allow_executing_push_operations": False,
"authorize_preboot_users": False,
"edit_endpoint_policies": False,
"edit_software_deployment": False,
"manage_policies_and_software_deployment": False,
"policies_installation": False,
"recovery_media": False,
"remote_help": False,
"reset_computer_data": False,
"software_deployment_installation": False,
},
events_and_reports={
"events": "string",
"policy": "string",
"reports": False,
"smart_event": "string",
},
gateways={
"lsm_gw_db": "string",
"manage_provisioning_profiles": "string",
"manage_repository_scripts": "string",
"open_shell": False,
"run_one_time_script": False,
"run_repository_script": False,
"smart_update": "string",
"system_backup": False,
"system_restore": False,
"vsx_provisioning": False,
},
ignore_errors=False,
ignore_warnings=False,
management={
"approve_or_reject_sessions": False,
"cme_operations": "string",
"high_availability_operations": False,
"manage_admins": False,
"manage_integration_with_cloud_services": False,
"manage_sessions": False,
"management_api_login": False,
"publish_sessions": False,
},
management_domain_permissions_profile_id="string",
monitoring_and_logging={
"app_and_url_filtering_logs": False,
"dlp_logs_including_confidential_fields": False,
"https_inspection_logs": False,
"identities": False,
"manage_dlp_messages": False,
"management_logs": "string",
"monitoring": "string",
"packet_capture_and_forensics": False,
"show_identities_by_default": False,
"show_packet_capture_by_default": False,
"track_logs": "string",
},
name="string",
others={
"client_certificates": False,
"edit_cp_users_db": False,
"https_inspection": "string",
"ldap_users_db": "string",
"user_authority_access": "string",
"user_device_mgmt_conf": "string",
},
permission_type="string",
tags=["string"],
threat_prevention={
"edit_layers": "string",
"edit_settings": False,
"install_policy": False,
"ips_update": False,
"policy_exceptions": "string",
"policy_layers": "string",
"profiles": "string",
"protections": "string",
})
const managementDomainPermissionsProfileResource = new checkpoint.ManagementDomainPermissionsProfile("managementDomainPermissionsProfileResource", {
accessControl: {
accessControlObjectsAndSettings: "string",
appControlAndUrlFilteringUpdate: false,
dlpPolicy: "string",
geoControlPolicy: "string",
installPolicy: false,
natPolicy: "string",
policyLayers: {
appControlAndUrlFiltering: false,
contentAwareness: false,
editLayers: "string",
firewall: false,
mobileAccess: false,
},
qosPolicy: "string",
showPolicy: false,
},
color: "string",
comments: "string",
editCommonObjects: false,
endpoint: {
allowExecutingPushOperations: false,
authorizePrebootUsers: false,
editEndpointPolicies: false,
editSoftwareDeployment: false,
managePoliciesAndSoftwareDeployment: false,
policiesInstallation: false,
recoveryMedia: false,
remoteHelp: false,
resetComputerData: false,
softwareDeploymentInstallation: false,
},
eventsAndReports: {
events: "string",
policy: "string",
reports: false,
smartEvent: "string",
},
gateways: {
lsmGwDb: "string",
manageProvisioningProfiles: "string",
manageRepositoryScripts: "string",
openShell: false,
runOneTimeScript: false,
runRepositoryScript: false,
smartUpdate: "string",
systemBackup: false,
systemRestore: false,
vsxProvisioning: false,
},
ignoreErrors: false,
ignoreWarnings: false,
management: {
approveOrRejectSessions: false,
cmeOperations: "string",
highAvailabilityOperations: false,
manageAdmins: false,
manageIntegrationWithCloudServices: false,
manageSessions: false,
managementApiLogin: false,
publishSessions: false,
},
managementDomainPermissionsProfileId: "string",
monitoringAndLogging: {
appAndUrlFilteringLogs: false,
dlpLogsIncludingConfidentialFields: false,
httpsInspectionLogs: false,
identities: false,
manageDlpMessages: false,
managementLogs: "string",
monitoring: "string",
packetCaptureAndForensics: false,
showIdentitiesByDefault: false,
showPacketCaptureByDefault: false,
trackLogs: "string",
},
name: "string",
others: {
clientCertificates: false,
editCpUsersDb: false,
httpsInspection: "string",
ldapUsersDb: "string",
userAuthorityAccess: "string",
userDeviceMgmtConf: "string",
},
permissionType: "string",
tags: ["string"],
threatPrevention: {
editLayers: "string",
editSettings: false,
installPolicy: false,
ipsUpdate: false,
policyExceptions: "string",
policyLayers: "string",
profiles: "string",
protections: "string",
},
});
type: checkpoint:ManagementDomainPermissionsProfile
properties:
accessControl:
accessControlObjectsAndSettings: string
appControlAndUrlFilteringUpdate: false
dlpPolicy: string
geoControlPolicy: string
installPolicy: false
natPolicy: string
policyLayers:
appControlAndUrlFiltering: false
contentAwareness: false
editLayers: string
firewall: false
mobileAccess: false
qosPolicy: string
showPolicy: false
color: string
comments: string
editCommonObjects: false
endpoint:
allowExecutingPushOperations: false
authorizePrebootUsers: false
editEndpointPolicies: false
editSoftwareDeployment: false
managePoliciesAndSoftwareDeployment: false
policiesInstallation: false
recoveryMedia: false
remoteHelp: false
resetComputerData: false
softwareDeploymentInstallation: false
eventsAndReports:
events: string
policy: string
reports: false
smartEvent: string
gateways:
lsmGwDb: string
manageProvisioningProfiles: string
manageRepositoryScripts: string
openShell: false
runOneTimeScript: false
runRepositoryScript: false
smartUpdate: string
systemBackup: false
systemRestore: false
vsxProvisioning: false
ignoreErrors: false
ignoreWarnings: false
management:
approveOrRejectSessions: false
cmeOperations: string
highAvailabilityOperations: false
manageAdmins: false
manageIntegrationWithCloudServices: false
manageSessions: false
managementApiLogin: false
publishSessions: false
managementDomainPermissionsProfileId: string
monitoringAndLogging:
appAndUrlFilteringLogs: false
dlpLogsIncludingConfidentialFields: false
httpsInspectionLogs: false
identities: false
manageDlpMessages: false
managementLogs: string
monitoring: string
packetCaptureAndForensics: false
showIdentitiesByDefault: false
showPacketCaptureByDefault: false
trackLogs: string
name: string
others:
clientCertificates: false
editCpUsersDb: false
httpsInspection: string
ldapUsersDb: string
userAuthorityAccess: string
userDeviceMgmtConf: string
permissionType: string
tags:
- string
threatPrevention:
editLayers: string
editSettings: false
installPolicy: false
ipsUpdate: false
policyExceptions: string
policyLayers: string
profiles: string
protections: string
ManagementDomainPermissionsProfile Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ManagementDomainPermissionsProfile resource accepts the following input properties:
- Access
Control ManagementDomain Permissions Profile Access Control - Access Control permissions.Only a 'Customized' permission-type profile can edit these permissions.access_control blocks are documented below.
- Color string
- Color of the object. Should be one of existing colors.
- Comments string
- Comments string.
- Edit
Common boolObjects - Define and manage objects in the Check Point database: Network Objects, Services, Custom Application Site, VPN Community, Users, Servers, Resources, Time, UserCheck, and Limit.Only a 'Customized' permission-type profile can edit this permission.
- Endpoint
Management
Domain Permissions Profile Endpoint - Endpoint permissions. Not supported for Multi-Domain Servers.Only a 'Customized' permission-type profile can edit these permissions.endpoint blocks are documented below.
- Events
And ManagementReports Domain Permissions Profile Events And Reports - Events and Reports permissions.Only a 'Customized' permission-type profile can edit these permissions.events_and_reports blocks are documented below.
- Gateways
Management
Domain Permissions Profile Gateways - Gateways permissions. Only a 'Customized' permission-type profile can edit these permissions.gateways blocks are documented below.
- Ignore
Errors bool - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- Ignore
Warnings bool - Apply changes ignoring warnings.
- Management
Management
Domain Permissions Profile Management - Management permissions.management blocks are documented below.
- Management
Domain stringPermissions Profile Id - Monitoring
And ManagementLogging Domain Permissions Profile Monitoring And Logging - Monitoring and Logging permissions.'Customized' permission-type profile can edit all these permissions. "Read Write All" permission-type can edit only dlp-logs-including-confidential-fields and manage-dlp-messages permissions.monitoring_and_logging blocks are documented below.
- Name string
- Object name.
- Others
Management
Domain Permissions Profile Others - Additional permissions.Only a 'Customized' permission-type profile can edit these permissions.others blocks are documented below.
- Permission
Type string - The type of the Permissions Profile.
- List<string>
- Collection of tag identifiers.tags blocks are documented below.
- Threat
Prevention ManagementDomain Permissions Profile Threat Prevention - Threat Prevention permissions.Only a 'Customized' permission-type profile can edit these permissions.threat_prevention blocks are documented below.
- Access
Control ManagementDomain Permissions Profile Access Control Args - Access Control permissions.Only a 'Customized' permission-type profile can edit these permissions.access_control blocks are documented below.
- Color string
- Color of the object. Should be one of existing colors.
- Comments string
- Comments string.
- Edit
Common boolObjects - Define and manage objects in the Check Point database: Network Objects, Services, Custom Application Site, VPN Community, Users, Servers, Resources, Time, UserCheck, and Limit.Only a 'Customized' permission-type profile can edit this permission.
- Endpoint
Management
Domain Permissions Profile Endpoint Args - Endpoint permissions. Not supported for Multi-Domain Servers.Only a 'Customized' permission-type profile can edit these permissions.endpoint blocks are documented below.
- Events
And ManagementReports Domain Permissions Profile Events And Reports Args - Events and Reports permissions.Only a 'Customized' permission-type profile can edit these permissions.events_and_reports blocks are documented below.
- Gateways
Management
Domain Permissions Profile Gateways Args - Gateways permissions. Only a 'Customized' permission-type profile can edit these permissions.gateways blocks are documented below.
- Ignore
Errors bool - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- Ignore
Warnings bool - Apply changes ignoring warnings.
- Management
Management
Domain Permissions Profile Management Args - Management permissions.management blocks are documented below.
- Management
Domain stringPermissions Profile Id - Monitoring
And ManagementLogging Domain Permissions Profile Monitoring And Logging Args - Monitoring and Logging permissions.'Customized' permission-type profile can edit all these permissions. "Read Write All" permission-type can edit only dlp-logs-including-confidential-fields and manage-dlp-messages permissions.monitoring_and_logging blocks are documented below.
- Name string
- Object name.
- Others
Management
Domain Permissions Profile Others Args - Additional permissions.Only a 'Customized' permission-type profile can edit these permissions.others blocks are documented below.
- Permission
Type string - The type of the Permissions Profile.
- []string
- Collection of tag identifiers.tags blocks are documented below.
- Threat
Prevention ManagementDomain Permissions Profile Threat Prevention Args - Threat Prevention permissions.Only a 'Customized' permission-type profile can edit these permissions.threat_prevention blocks are documented below.
- access
Control ManagementDomain Permissions Profile Access Control - Access Control permissions.Only a 'Customized' permission-type profile can edit these permissions.access_control blocks are documented below.
- color String
- Color of the object. Should be one of existing colors.
- comments String
- Comments string.
- edit
Common BooleanObjects - Define and manage objects in the Check Point database: Network Objects, Services, Custom Application Site, VPN Community, Users, Servers, Resources, Time, UserCheck, and Limit.Only a 'Customized' permission-type profile can edit this permission.
- endpoint
Management
Domain Permissions Profile Endpoint - Endpoint permissions. Not supported for Multi-Domain Servers.Only a 'Customized' permission-type profile can edit these permissions.endpoint blocks are documented below.
- events
And ManagementReports Domain Permissions Profile Events And Reports - Events and Reports permissions.Only a 'Customized' permission-type profile can edit these permissions.events_and_reports blocks are documented below.
- gateways
Management
Domain Permissions Profile Gateways - Gateways permissions. Only a 'Customized' permission-type profile can edit these permissions.gateways blocks are documented below.
- ignore
Errors Boolean - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- ignore
Warnings Boolean - Apply changes ignoring warnings.
- management
Management
Domain Permissions Profile Management - Management permissions.management blocks are documented below.
- management
Domain StringPermissions Profile Id - monitoring
And ManagementLogging Domain Permissions Profile Monitoring And Logging - Monitoring and Logging permissions.'Customized' permission-type profile can edit all these permissions. "Read Write All" permission-type can edit only dlp-logs-including-confidential-fields and manage-dlp-messages permissions.monitoring_and_logging blocks are documented below.
- name String
- Object name.
- others
Management
Domain Permissions Profile Others - Additional permissions.Only a 'Customized' permission-type profile can edit these permissions.others blocks are documented below.
- permission
Type String - The type of the Permissions Profile.
- List<String>
- Collection of tag identifiers.tags blocks are documented below.
- threat
Prevention ManagementDomain Permissions Profile Threat Prevention - Threat Prevention permissions.Only a 'Customized' permission-type profile can edit these permissions.threat_prevention blocks are documented below.
- access
Control ManagementDomain Permissions Profile Access Control - Access Control permissions.Only a 'Customized' permission-type profile can edit these permissions.access_control blocks are documented below.
- color string
- Color of the object. Should be one of existing colors.
- comments string
- Comments string.
- edit
Common booleanObjects - Define and manage objects in the Check Point database: Network Objects, Services, Custom Application Site, VPN Community, Users, Servers, Resources, Time, UserCheck, and Limit.Only a 'Customized' permission-type profile can edit this permission.
- endpoint
Management
Domain Permissions Profile Endpoint - Endpoint permissions. Not supported for Multi-Domain Servers.Only a 'Customized' permission-type profile can edit these permissions.endpoint blocks are documented below.
- events
And ManagementReports Domain Permissions Profile Events And Reports - Events and Reports permissions.Only a 'Customized' permission-type profile can edit these permissions.events_and_reports blocks are documented below.
- gateways
Management
Domain Permissions Profile Gateways - Gateways permissions. Only a 'Customized' permission-type profile can edit these permissions.gateways blocks are documented below.
- ignore
Errors boolean - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- ignore
Warnings boolean - Apply changes ignoring warnings.
- management
Management
Domain Permissions Profile Management - Management permissions.management blocks are documented below.
- management
Domain stringPermissions Profile Id - monitoring
And ManagementLogging Domain Permissions Profile Monitoring And Logging - Monitoring and Logging permissions.'Customized' permission-type profile can edit all these permissions. "Read Write All" permission-type can edit only dlp-logs-including-confidential-fields and manage-dlp-messages permissions.monitoring_and_logging blocks are documented below.
- name string
- Object name.
- others
Management
Domain Permissions Profile Others - Additional permissions.Only a 'Customized' permission-type profile can edit these permissions.others blocks are documented below.
- permission
Type string - The type of the Permissions Profile.
- string[]
- Collection of tag identifiers.tags blocks are documented below.
- threat
Prevention ManagementDomain Permissions Profile Threat Prevention - Threat Prevention permissions.Only a 'Customized' permission-type profile can edit these permissions.threat_prevention blocks are documented below.
- access_
control ManagementDomain Permissions Profile Access Control Args - Access Control permissions.Only a 'Customized' permission-type profile can edit these permissions.access_control blocks are documented below.
- color str
- Color of the object. Should be one of existing colors.
- comments str
- Comments string.
- edit_
common_ boolobjects - Define and manage objects in the Check Point database: Network Objects, Services, Custom Application Site, VPN Community, Users, Servers, Resources, Time, UserCheck, and Limit.Only a 'Customized' permission-type profile can edit this permission.
- endpoint
Management
Domain Permissions Profile Endpoint Args - Endpoint permissions. Not supported for Multi-Domain Servers.Only a 'Customized' permission-type profile can edit these permissions.endpoint blocks are documented below.
- events_
and_ Managementreports Domain Permissions Profile Events And Reports Args - Events and Reports permissions.Only a 'Customized' permission-type profile can edit these permissions.events_and_reports blocks are documented below.
- gateways
Management
Domain Permissions Profile Gateways Args - Gateways permissions. Only a 'Customized' permission-type profile can edit these permissions.gateways blocks are documented below.
- ignore_
errors bool - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- ignore_
warnings bool - Apply changes ignoring warnings.
- management
Management
Domain Permissions Profile Management Args - Management permissions.management blocks are documented below.
- management_
domain_ strpermissions_ profile_ id - monitoring_
and_ Managementlogging Domain Permissions Profile Monitoring And Logging Args - Monitoring and Logging permissions.'Customized' permission-type profile can edit all these permissions. "Read Write All" permission-type can edit only dlp-logs-including-confidential-fields and manage-dlp-messages permissions.monitoring_and_logging blocks are documented below.
- name str
- Object name.
- others
Management
Domain Permissions Profile Others Args - Additional permissions.Only a 'Customized' permission-type profile can edit these permissions.others blocks are documented below.
- permission_
type str - The type of the Permissions Profile.
- Sequence[str]
- Collection of tag identifiers.tags blocks are documented below.
- threat_
prevention ManagementDomain Permissions Profile Threat Prevention Args - Threat Prevention permissions.Only a 'Customized' permission-type profile can edit these permissions.threat_prevention blocks are documented below.
- access
Control Property Map - Access Control permissions.Only a 'Customized' permission-type profile can edit these permissions.access_control blocks are documented below.
- color String
- Color of the object. Should be one of existing colors.
- comments String
- Comments string.
- edit
Common BooleanObjects - Define and manage objects in the Check Point database: Network Objects, Services, Custom Application Site, VPN Community, Users, Servers, Resources, Time, UserCheck, and Limit.Only a 'Customized' permission-type profile can edit this permission.
- endpoint Property Map
- Endpoint permissions. Not supported for Multi-Domain Servers.Only a 'Customized' permission-type profile can edit these permissions.endpoint blocks are documented below.
- events
And Property MapReports - Events and Reports permissions.Only a 'Customized' permission-type profile can edit these permissions.events_and_reports blocks are documented below.
- gateways Property Map
- Gateways permissions. Only a 'Customized' permission-type profile can edit these permissions.gateways blocks are documented below.
- ignore
Errors Boolean - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- ignore
Warnings Boolean - Apply changes ignoring warnings.
- management Property Map
- Management permissions.management blocks are documented below.
- management
Domain StringPermissions Profile Id - monitoring
And Property MapLogging - Monitoring and Logging permissions.'Customized' permission-type profile can edit all these permissions. "Read Write All" permission-type can edit only dlp-logs-including-confidential-fields and manage-dlp-messages permissions.monitoring_and_logging blocks are documented below.
- name String
- Object name.
- others Property Map
- Additional permissions.Only a 'Customized' permission-type profile can edit these permissions.others blocks are documented below.
- permission
Type String - The type of the Permissions Profile.
- List<String>
- Collection of tag identifiers.tags blocks are documented below.
- threat
Prevention Property Map - Threat Prevention permissions.Only a 'Customized' permission-type profile can edit these permissions.threat_prevention blocks are documented below.
Outputs
All input properties are implicitly available as output properties. Additionally, the ManagementDomainPermissionsProfile resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ManagementDomainPermissionsProfile Resource
Get an existing ManagementDomainPermissionsProfile resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ManagementDomainPermissionsProfileState, opts?: CustomResourceOptions): ManagementDomainPermissionsProfile@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_control: Optional[ManagementDomainPermissionsProfileAccessControlArgs] = None,
color: Optional[str] = None,
comments: Optional[str] = None,
edit_common_objects: Optional[bool] = None,
endpoint: Optional[ManagementDomainPermissionsProfileEndpointArgs] = None,
events_and_reports: Optional[ManagementDomainPermissionsProfileEventsAndReportsArgs] = None,
gateways: Optional[ManagementDomainPermissionsProfileGatewaysArgs] = None,
ignore_errors: Optional[bool] = None,
ignore_warnings: Optional[bool] = None,
management: Optional[ManagementDomainPermissionsProfileManagementArgs] = None,
management_domain_permissions_profile_id: Optional[str] = None,
monitoring_and_logging: Optional[ManagementDomainPermissionsProfileMonitoringAndLoggingArgs] = None,
name: Optional[str] = None,
others: Optional[ManagementDomainPermissionsProfileOthersArgs] = None,
permission_type: Optional[str] = None,
tags: Optional[Sequence[str]] = None,
threat_prevention: Optional[ManagementDomainPermissionsProfileThreatPreventionArgs] = None) -> ManagementDomainPermissionsProfilefunc GetManagementDomainPermissionsProfile(ctx *Context, name string, id IDInput, state *ManagementDomainPermissionsProfileState, opts ...ResourceOption) (*ManagementDomainPermissionsProfile, error)public static ManagementDomainPermissionsProfile Get(string name, Input<string> id, ManagementDomainPermissionsProfileState? state, CustomResourceOptions? opts = null)public static ManagementDomainPermissionsProfile get(String name, Output<String> id, ManagementDomainPermissionsProfileState state, CustomResourceOptions options)resources: _: type: checkpoint:ManagementDomainPermissionsProfile get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Control ManagementDomain Permissions Profile Access Control - Access Control permissions.Only a 'Customized' permission-type profile can edit these permissions.access_control blocks are documented below.
- Color string
- Color of the object. Should be one of existing colors.
- Comments string
- Comments string.
- Edit
Common boolObjects - Define and manage objects in the Check Point database: Network Objects, Services, Custom Application Site, VPN Community, Users, Servers, Resources, Time, UserCheck, and Limit.Only a 'Customized' permission-type profile can edit this permission.
- Endpoint
Management
Domain Permissions Profile Endpoint - Endpoint permissions. Not supported for Multi-Domain Servers.Only a 'Customized' permission-type profile can edit these permissions.endpoint blocks are documented below.
- Events
And ManagementReports Domain Permissions Profile Events And Reports - Events and Reports permissions.Only a 'Customized' permission-type profile can edit these permissions.events_and_reports blocks are documented below.
- Gateways
Management
Domain Permissions Profile Gateways - Gateways permissions. Only a 'Customized' permission-type profile can edit these permissions.gateways blocks are documented below.
- Ignore
Errors bool - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- Ignore
Warnings bool - Apply changes ignoring warnings.
- Management
Management
Domain Permissions Profile Management - Management permissions.management blocks are documented below.
- Management
Domain stringPermissions Profile Id - Monitoring
And ManagementLogging Domain Permissions Profile Monitoring And Logging - Monitoring and Logging permissions.'Customized' permission-type profile can edit all these permissions. "Read Write All" permission-type can edit only dlp-logs-including-confidential-fields and manage-dlp-messages permissions.monitoring_and_logging blocks are documented below.
- Name string
- Object name.
- Others
Management
Domain Permissions Profile Others - Additional permissions.Only a 'Customized' permission-type profile can edit these permissions.others blocks are documented below.
- Permission
Type string - The type of the Permissions Profile.
- List<string>
- Collection of tag identifiers.tags blocks are documented below.
- Threat
Prevention ManagementDomain Permissions Profile Threat Prevention - Threat Prevention permissions.Only a 'Customized' permission-type profile can edit these permissions.threat_prevention blocks are documented below.
- Access
Control ManagementDomain Permissions Profile Access Control Args - Access Control permissions.Only a 'Customized' permission-type profile can edit these permissions.access_control blocks are documented below.
- Color string
- Color of the object. Should be one of existing colors.
- Comments string
- Comments string.
- Edit
Common boolObjects - Define and manage objects in the Check Point database: Network Objects, Services, Custom Application Site, VPN Community, Users, Servers, Resources, Time, UserCheck, and Limit.Only a 'Customized' permission-type profile can edit this permission.
- Endpoint
Management
Domain Permissions Profile Endpoint Args - Endpoint permissions. Not supported for Multi-Domain Servers.Only a 'Customized' permission-type profile can edit these permissions.endpoint blocks are documented below.
- Events
And ManagementReports Domain Permissions Profile Events And Reports Args - Events and Reports permissions.Only a 'Customized' permission-type profile can edit these permissions.events_and_reports blocks are documented below.
- Gateways
Management
Domain Permissions Profile Gateways Args - Gateways permissions. Only a 'Customized' permission-type profile can edit these permissions.gateways blocks are documented below.
- Ignore
Errors bool - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- Ignore
Warnings bool - Apply changes ignoring warnings.
- Management
Management
Domain Permissions Profile Management Args - Management permissions.management blocks are documented below.
- Management
Domain stringPermissions Profile Id - Monitoring
And ManagementLogging Domain Permissions Profile Monitoring And Logging Args - Monitoring and Logging permissions.'Customized' permission-type profile can edit all these permissions. "Read Write All" permission-type can edit only dlp-logs-including-confidential-fields and manage-dlp-messages permissions.monitoring_and_logging blocks are documented below.
- Name string
- Object name.
- Others
Management
Domain Permissions Profile Others Args - Additional permissions.Only a 'Customized' permission-type profile can edit these permissions.others blocks are documented below.
- Permission
Type string - The type of the Permissions Profile.
- []string
- Collection of tag identifiers.tags blocks are documented below.
- Threat
Prevention ManagementDomain Permissions Profile Threat Prevention Args - Threat Prevention permissions.Only a 'Customized' permission-type profile can edit these permissions.threat_prevention blocks are documented below.
- access
Control ManagementDomain Permissions Profile Access Control - Access Control permissions.Only a 'Customized' permission-type profile can edit these permissions.access_control blocks are documented below.
- color String
- Color of the object. Should be one of existing colors.
- comments String
- Comments string.
- edit
Common BooleanObjects - Define and manage objects in the Check Point database: Network Objects, Services, Custom Application Site, VPN Community, Users, Servers, Resources, Time, UserCheck, and Limit.Only a 'Customized' permission-type profile can edit this permission.
- endpoint
Management
Domain Permissions Profile Endpoint - Endpoint permissions. Not supported for Multi-Domain Servers.Only a 'Customized' permission-type profile can edit these permissions.endpoint blocks are documented below.
- events
And ManagementReports Domain Permissions Profile Events And Reports - Events and Reports permissions.Only a 'Customized' permission-type profile can edit these permissions.events_and_reports blocks are documented below.
- gateways
Management
Domain Permissions Profile Gateways - Gateways permissions. Only a 'Customized' permission-type profile can edit these permissions.gateways blocks are documented below.
- ignore
Errors Boolean - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- ignore
Warnings Boolean - Apply changes ignoring warnings.
- management
Management
Domain Permissions Profile Management - Management permissions.management blocks are documented below.
- management
Domain StringPermissions Profile Id - monitoring
And ManagementLogging Domain Permissions Profile Monitoring And Logging - Monitoring and Logging permissions.'Customized' permission-type profile can edit all these permissions. "Read Write All" permission-type can edit only dlp-logs-including-confidential-fields and manage-dlp-messages permissions.monitoring_and_logging blocks are documented below.
- name String
- Object name.
- others
Management
Domain Permissions Profile Others - Additional permissions.Only a 'Customized' permission-type profile can edit these permissions.others blocks are documented below.
- permission
Type String - The type of the Permissions Profile.
- List<String>
- Collection of tag identifiers.tags blocks are documented below.
- threat
Prevention ManagementDomain Permissions Profile Threat Prevention - Threat Prevention permissions.Only a 'Customized' permission-type profile can edit these permissions.threat_prevention blocks are documented below.
- access
Control ManagementDomain Permissions Profile Access Control - Access Control permissions.Only a 'Customized' permission-type profile can edit these permissions.access_control blocks are documented below.
- color string
- Color of the object. Should be one of existing colors.
- comments string
- Comments string.
- edit
Common booleanObjects - Define and manage objects in the Check Point database: Network Objects, Services, Custom Application Site, VPN Community, Users, Servers, Resources, Time, UserCheck, and Limit.Only a 'Customized' permission-type profile can edit this permission.
- endpoint
Management
Domain Permissions Profile Endpoint - Endpoint permissions. Not supported for Multi-Domain Servers.Only a 'Customized' permission-type profile can edit these permissions.endpoint blocks are documented below.
- events
And ManagementReports Domain Permissions Profile Events And Reports - Events and Reports permissions.Only a 'Customized' permission-type profile can edit these permissions.events_and_reports blocks are documented below.
- gateways
Management
Domain Permissions Profile Gateways - Gateways permissions. Only a 'Customized' permission-type profile can edit these permissions.gateways blocks are documented below.
- ignore
Errors boolean - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- ignore
Warnings boolean - Apply changes ignoring warnings.
- management
Management
Domain Permissions Profile Management - Management permissions.management blocks are documented below.
- management
Domain stringPermissions Profile Id - monitoring
And ManagementLogging Domain Permissions Profile Monitoring And Logging - Monitoring and Logging permissions.'Customized' permission-type profile can edit all these permissions. "Read Write All" permission-type can edit only dlp-logs-including-confidential-fields and manage-dlp-messages permissions.monitoring_and_logging blocks are documented below.
- name string
- Object name.
- others
Management
Domain Permissions Profile Others - Additional permissions.Only a 'Customized' permission-type profile can edit these permissions.others blocks are documented below.
- permission
Type string - The type of the Permissions Profile.
- string[]
- Collection of tag identifiers.tags blocks are documented below.
- threat
Prevention ManagementDomain Permissions Profile Threat Prevention - Threat Prevention permissions.Only a 'Customized' permission-type profile can edit these permissions.threat_prevention blocks are documented below.
- access_
control ManagementDomain Permissions Profile Access Control Args - Access Control permissions.Only a 'Customized' permission-type profile can edit these permissions.access_control blocks are documented below.
- color str
- Color of the object. Should be one of existing colors.
- comments str
- Comments string.
- edit_
common_ boolobjects - Define and manage objects in the Check Point database: Network Objects, Services, Custom Application Site, VPN Community, Users, Servers, Resources, Time, UserCheck, and Limit.Only a 'Customized' permission-type profile can edit this permission.
- endpoint
Management
Domain Permissions Profile Endpoint Args - Endpoint permissions. Not supported for Multi-Domain Servers.Only a 'Customized' permission-type profile can edit these permissions.endpoint blocks are documented below.
- events_
and_ Managementreports Domain Permissions Profile Events And Reports Args - Events and Reports permissions.Only a 'Customized' permission-type profile can edit these permissions.events_and_reports blocks are documented below.
- gateways
Management
Domain Permissions Profile Gateways Args - Gateways permissions. Only a 'Customized' permission-type profile can edit these permissions.gateways blocks are documented below.
- ignore_
errors bool - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- ignore_
warnings bool - Apply changes ignoring warnings.
- management
Management
Domain Permissions Profile Management Args - Management permissions.management blocks are documented below.
- management_
domain_ strpermissions_ profile_ id - monitoring_
and_ Managementlogging Domain Permissions Profile Monitoring And Logging Args - Monitoring and Logging permissions.'Customized' permission-type profile can edit all these permissions. "Read Write All" permission-type can edit only dlp-logs-including-confidential-fields and manage-dlp-messages permissions.monitoring_and_logging blocks are documented below.
- name str
- Object name.
- others
Management
Domain Permissions Profile Others Args - Additional permissions.Only a 'Customized' permission-type profile can edit these permissions.others blocks are documented below.
- permission_
type str - The type of the Permissions Profile.
- Sequence[str]
- Collection of tag identifiers.tags blocks are documented below.
- threat_
prevention ManagementDomain Permissions Profile Threat Prevention Args - Threat Prevention permissions.Only a 'Customized' permission-type profile can edit these permissions.threat_prevention blocks are documented below.
- access
Control Property Map - Access Control permissions.Only a 'Customized' permission-type profile can edit these permissions.access_control blocks are documented below.
- color String
- Color of the object. Should be one of existing colors.
- comments String
- Comments string.
- edit
Common BooleanObjects - Define and manage objects in the Check Point database: Network Objects, Services, Custom Application Site, VPN Community, Users, Servers, Resources, Time, UserCheck, and Limit.Only a 'Customized' permission-type profile can edit this permission.
- endpoint Property Map
- Endpoint permissions. Not supported for Multi-Domain Servers.Only a 'Customized' permission-type profile can edit these permissions.endpoint blocks are documented below.
- events
And Property MapReports - Events and Reports permissions.Only a 'Customized' permission-type profile can edit these permissions.events_and_reports blocks are documented below.
- gateways Property Map
- Gateways permissions. Only a 'Customized' permission-type profile can edit these permissions.gateways blocks are documented below.
- ignore
Errors Boolean - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
- ignore
Warnings Boolean - Apply changes ignoring warnings.
- management Property Map
- Management permissions.management blocks are documented below.
- management
Domain StringPermissions Profile Id - monitoring
And Property MapLogging - Monitoring and Logging permissions.'Customized' permission-type profile can edit all these permissions. "Read Write All" permission-type can edit only dlp-logs-including-confidential-fields and manage-dlp-messages permissions.monitoring_and_logging blocks are documented below.
- name String
- Object name.
- others Property Map
- Additional permissions.Only a 'Customized' permission-type profile can edit these permissions.others blocks are documented below.
- permission
Type String - The type of the Permissions Profile.
- List<String>
- Collection of tag identifiers.tags blocks are documented below.
- threat
Prevention Property Map - Threat Prevention permissions.Only a 'Customized' permission-type profile can edit these permissions.threat_prevention blocks are documented below.
Supporting Types
ManagementDomainPermissionsProfileAccessControl, ManagementDomainPermissionsProfileAccessControlArgs
- Access
Control stringObjects And Settings - Allow editing of the following objet types: VPN Community, Access Role, Custom application group,Custom application, Custom category, Limit, Application - Match Settings, Application Category - Match Settings,Override Categorization, Application and URL filtering blade - Advanced Settings, Content Awareness blade - Advanced Settings.
- App
Control boolAnd Url Filtering Update - Install Application and URL Filtering updates.
- Dlp
Policy string - Configure DLP rules and Policies.
- Geo
Control stringPolicy - Work with Access Control rules that control traffic to and from specified countries.
- Install
Policy bool - Install Access Control Policies.
- Nat
Policy string - Work with NAT in Access Control rules.
- Policy
Layers ManagementDomain Permissions Profile Access Control Policy Layers - Layer editing permissions.Available only if show-policy is set to true.policy_layers blocks are documented below.
- Qos
Policy string - Work with QoS Policies and rules.
- Show
Policy bool - Select to let administrators work with Access Control rules and NAT rules. If not selected, administrators cannot see these rules.
- Access
Control stringObjects And Settings - Allow editing of the following objet types: VPN Community, Access Role, Custom application group,Custom application, Custom category, Limit, Application - Match Settings, Application Category - Match Settings,Override Categorization, Application and URL filtering blade - Advanced Settings, Content Awareness blade - Advanced Settings.
- App
Control boolAnd Url Filtering Update - Install Application and URL Filtering updates.
- Dlp
Policy string - Configure DLP rules and Policies.
- Geo
Control stringPolicy - Work with Access Control rules that control traffic to and from specified countries.
- Install
Policy bool - Install Access Control Policies.
- Nat
Policy string - Work with NAT in Access Control rules.
- Policy
Layers ManagementDomain Permissions Profile Access Control Policy Layers - Layer editing permissions.Available only if show-policy is set to true.policy_layers blocks are documented below.
- Qos
Policy string - Work with QoS Policies and rules.
- Show
Policy bool - Select to let administrators work with Access Control rules and NAT rules. If not selected, administrators cannot see these rules.
- access
Control StringObjects And Settings - Allow editing of the following objet types: VPN Community, Access Role, Custom application group,Custom application, Custom category, Limit, Application - Match Settings, Application Category - Match Settings,Override Categorization, Application and URL filtering blade - Advanced Settings, Content Awareness blade - Advanced Settings.
- app
Control BooleanAnd Url Filtering Update - Install Application and URL Filtering updates.
- dlp
Policy String - Configure DLP rules and Policies.
- geo
Control StringPolicy - Work with Access Control rules that control traffic to and from specified countries.
- install
Policy Boolean - Install Access Control Policies.
- nat
Policy String - Work with NAT in Access Control rules.
- policy
Layers ManagementDomain Permissions Profile Access Control Policy Layers - Layer editing permissions.Available only if show-policy is set to true.policy_layers blocks are documented below.
- qos
Policy String - Work with QoS Policies and rules.
- show
Policy Boolean - Select to let administrators work with Access Control rules and NAT rules. If not selected, administrators cannot see these rules.
- access
Control stringObjects And Settings - Allow editing of the following objet types: VPN Community, Access Role, Custom application group,Custom application, Custom category, Limit, Application - Match Settings, Application Category - Match Settings,Override Categorization, Application and URL filtering blade - Advanced Settings, Content Awareness blade - Advanced Settings.
- app
Control booleanAnd Url Filtering Update - Install Application and URL Filtering updates.
- dlp
Policy string - Configure DLP rules and Policies.
- geo
Control stringPolicy - Work with Access Control rules that control traffic to and from specified countries.
- install
Policy boolean - Install Access Control Policies.
- nat
Policy string - Work with NAT in Access Control rules.
- policy
Layers ManagementDomain Permissions Profile Access Control Policy Layers - Layer editing permissions.Available only if show-policy is set to true.policy_layers blocks are documented below.
- qos
Policy string - Work with QoS Policies and rules.
- show
Policy boolean - Select to let administrators work with Access Control rules and NAT rules. If not selected, administrators cannot see these rules.
- access_
control_ strobjects_ and_ settings - Allow editing of the following objet types: VPN Community, Access Role, Custom application group,Custom application, Custom category, Limit, Application - Match Settings, Application Category - Match Settings,Override Categorization, Application and URL filtering blade - Advanced Settings, Content Awareness blade - Advanced Settings.
- app_
control_ booland_ url_ filtering_ update - Install Application and URL Filtering updates.
- dlp_
policy str - Configure DLP rules and Policies.
- geo_
control_ strpolicy - Work with Access Control rules that control traffic to and from specified countries.
- install_
policy bool - Install Access Control Policies.
- nat_
policy str - Work with NAT in Access Control rules.
- policy_
layers ManagementDomain Permissions Profile Access Control Policy Layers - Layer editing permissions.Available only if show-policy is set to true.policy_layers blocks are documented below.
- qos_
policy str - Work with QoS Policies and rules.
- show_
policy bool - Select to let administrators work with Access Control rules and NAT rules. If not selected, administrators cannot see these rules.
- access
Control StringObjects And Settings - Allow editing of the following objet types: VPN Community, Access Role, Custom application group,Custom application, Custom category, Limit, Application - Match Settings, Application Category - Match Settings,Override Categorization, Application and URL filtering blade - Advanced Settings, Content Awareness blade - Advanced Settings.
- app
Control BooleanAnd Url Filtering Update - Install Application and URL Filtering updates.
- dlp
Policy String - Configure DLP rules and Policies.
- geo
Control StringPolicy - Work with Access Control rules that control traffic to and from specified countries.
- install
Policy Boolean - Install Access Control Policies.
- nat
Policy String - Work with NAT in Access Control rules.
- policy
Layers Property Map - Layer editing permissions.Available only if show-policy is set to true.policy_layers blocks are documented below.
- qos
Policy String - Work with QoS Policies and rules.
- show
Policy Boolean - Select to let administrators work with Access Control rules and NAT rules. If not selected, administrators cannot see these rules.
ManagementDomainPermissionsProfileAccessControlPolicyLayers, ManagementDomainPermissionsProfileAccessControlPolicyLayersArgs
- App
Control boolAnd Url Filtering - Use Application and URL Filtering in Access Control rules.Available only if edit-layers is set to "By Software Blades".
- Content
Awareness bool - Use specified data types in Access Control rules.Available only if edit-layers is set to "By Software Blades".
- Edit
Layers string - "By Software Blades" - Edit Access Control layers that contain the blades enabled in the Permissions Profile."By Selected Profile In A Layer Editor" - Administrators can only edit the layer if the Access Control layer editor gives editing permission to their profiles.
- Firewall bool
- Work with Access Control and other Software Blades that do not have their own Policies.Available only if edit-layers is set to "By Software Blades".
- Mobile
Access bool - Work with Mobile Access rules.Available only if edit-layers is set to "By Software Blades".
- App
Control boolAnd Url Filtering - Use Application and URL Filtering in Access Control rules.Available only if edit-layers is set to "By Software Blades".
- Content
Awareness bool - Use specified data types in Access Control rules.Available only if edit-layers is set to "By Software Blades".
- Edit
Layers string - "By Software Blades" - Edit Access Control layers that contain the blades enabled in the Permissions Profile."By Selected Profile In A Layer Editor" - Administrators can only edit the layer if the Access Control layer editor gives editing permission to their profiles.
- Firewall bool
- Work with Access Control and other Software Blades that do not have their own Policies.Available only if edit-layers is set to "By Software Blades".
- Mobile
Access bool - Work with Mobile Access rules.Available only if edit-layers is set to "By Software Blades".
- app
Control BooleanAnd Url Filtering - Use Application and URL Filtering in Access Control rules.Available only if edit-layers is set to "By Software Blades".
- content
Awareness Boolean - Use specified data types in Access Control rules.Available only if edit-layers is set to "By Software Blades".
- edit
Layers String - "By Software Blades" - Edit Access Control layers that contain the blades enabled in the Permissions Profile."By Selected Profile In A Layer Editor" - Administrators can only edit the layer if the Access Control layer editor gives editing permission to their profiles.
- firewall Boolean
- Work with Access Control and other Software Blades that do not have their own Policies.Available only if edit-layers is set to "By Software Blades".
- mobile
Access Boolean - Work with Mobile Access rules.Available only if edit-layers is set to "By Software Blades".
- app
Control booleanAnd Url Filtering - Use Application and URL Filtering in Access Control rules.Available only if edit-layers is set to "By Software Blades".
- content
Awareness boolean - Use specified data types in Access Control rules.Available only if edit-layers is set to "By Software Blades".
- edit
Layers string - "By Software Blades" - Edit Access Control layers that contain the blades enabled in the Permissions Profile."By Selected Profile In A Layer Editor" - Administrators can only edit the layer if the Access Control layer editor gives editing permission to their profiles.
- firewall boolean
- Work with Access Control and other Software Blades that do not have their own Policies.Available only if edit-layers is set to "By Software Blades".
- mobile
Access boolean - Work with Mobile Access rules.Available only if edit-layers is set to "By Software Blades".
- app_
control_ booland_ url_ filtering - Use Application and URL Filtering in Access Control rules.Available only if edit-layers is set to "By Software Blades".
- content_
awareness bool - Use specified data types in Access Control rules.Available only if edit-layers is set to "By Software Blades".
- edit_
layers str - "By Software Blades" - Edit Access Control layers that contain the blades enabled in the Permissions Profile."By Selected Profile In A Layer Editor" - Administrators can only edit the layer if the Access Control layer editor gives editing permission to their profiles.
- firewall bool
- Work with Access Control and other Software Blades that do not have their own Policies.Available only if edit-layers is set to "By Software Blades".
- mobile_
access bool - Work with Mobile Access rules.Available only if edit-layers is set to "By Software Blades".
- app
Control BooleanAnd Url Filtering - Use Application and URL Filtering in Access Control rules.Available only if edit-layers is set to "By Software Blades".
- content
Awareness Boolean - Use specified data types in Access Control rules.Available only if edit-layers is set to "By Software Blades".
- edit
Layers String - "By Software Blades" - Edit Access Control layers that contain the blades enabled in the Permissions Profile."By Selected Profile In A Layer Editor" - Administrators can only edit the layer if the Access Control layer editor gives editing permission to their profiles.
- firewall Boolean
- Work with Access Control and other Software Blades that do not have their own Policies.Available only if edit-layers is set to "By Software Blades".
- mobile
Access Boolean - Work with Mobile Access rules.Available only if edit-layers is set to "By Software Blades".
ManagementDomainPermissionsProfileEndpoint, ManagementDomainPermissionsProfileEndpointArgs
- Allow
Executing boolPush Operations - The administrator can start operations that the Security Management Server pushes directly to client computers with no policy installation required.
- bool
- The administrator can add and remove the users who are permitted to log on to Endpoint Security client computers with Full Disk Encryption.
- Edit
Endpoint boolPolicies - Available only if manage-policies-and-software-deployment is set to true.
- Edit
Software boolDeployment - The administrator can define deployment rules, create packages for export, and configure advanced package settings.Available only if manage-policies-and-software-deployment is set to true.
- Manage
Policies boolAnd Software Deployment - The administrator can work with policies, rules and actions.
- Policies
Installation bool - The administrator can install policies on endpoint computers.
- Recovery
Media bool - The administrator can create recovery media on endpoint computers and devices.
- Remote
Help bool - The administrator can use the Remote Help feature to reset user passwords and give access to locked out users.
- Reset
Computer boolData - The administrator can reset a computer, which deletes all information about the computer from the Security Management Server.
- Software
Deployment boolInstallation - The administrator can deploy packages and install endpoint clients.
- Allow
Executing boolPush Operations - The administrator can start operations that the Security Management Server pushes directly to client computers with no policy installation required.
- bool
- The administrator can add and remove the users who are permitted to log on to Endpoint Security client computers with Full Disk Encryption.
- Edit
Endpoint boolPolicies - Available only if manage-policies-and-software-deployment is set to true.
- Edit
Software boolDeployment - The administrator can define deployment rules, create packages for export, and configure advanced package settings.Available only if manage-policies-and-software-deployment is set to true.
- Manage
Policies boolAnd Software Deployment - The administrator can work with policies, rules and actions.
- Policies
Installation bool - The administrator can install policies on endpoint computers.
- Recovery
Media bool - The administrator can create recovery media on endpoint computers and devices.
- Remote
Help bool - The administrator can use the Remote Help feature to reset user passwords and give access to locked out users.
- Reset
Computer boolData - The administrator can reset a computer, which deletes all information about the computer from the Security Management Server.
- Software
Deployment boolInstallation - The administrator can deploy packages and install endpoint clients.
- allow
Executing BooleanPush Operations - The administrator can start operations that the Security Management Server pushes directly to client computers with no policy installation required.
- Boolean
- The administrator can add and remove the users who are permitted to log on to Endpoint Security client computers with Full Disk Encryption.
- edit
Endpoint BooleanPolicies - Available only if manage-policies-and-software-deployment is set to true.
- edit
Software BooleanDeployment - The administrator can define deployment rules, create packages for export, and configure advanced package settings.Available only if manage-policies-and-software-deployment is set to true.
- manage
Policies BooleanAnd Software Deployment - The administrator can work with policies, rules and actions.
- policies
Installation Boolean - The administrator can install policies on endpoint computers.
- recovery
Media Boolean - The administrator can create recovery media on endpoint computers and devices.
- remote
Help Boolean - The administrator can use the Remote Help feature to reset user passwords and give access to locked out users.
- reset
Computer BooleanData - The administrator can reset a computer, which deletes all information about the computer from the Security Management Server.
- software
Deployment BooleanInstallation - The administrator can deploy packages and install endpoint clients.
- allow
Executing booleanPush Operations - The administrator can start operations that the Security Management Server pushes directly to client computers with no policy installation required.
- boolean
- The administrator can add and remove the users who are permitted to log on to Endpoint Security client computers with Full Disk Encryption.
- edit
Endpoint booleanPolicies - Available only if manage-policies-and-software-deployment is set to true.
- edit
Software booleanDeployment - The administrator can define deployment rules, create packages for export, and configure advanced package settings.Available only if manage-policies-and-software-deployment is set to true.
- manage
Policies booleanAnd Software Deployment - The administrator can work with policies, rules and actions.
- policies
Installation boolean - The administrator can install policies on endpoint computers.
- recovery
Media boolean - The administrator can create recovery media on endpoint computers and devices.
- remote
Help boolean - The administrator can use the Remote Help feature to reset user passwords and give access to locked out users.
- reset
Computer booleanData - The administrator can reset a computer, which deletes all information about the computer from the Security Management Server.
- software
Deployment booleanInstallation - The administrator can deploy packages and install endpoint clients.
- allow_
executing_ boolpush_ operations - The administrator can start operations that the Security Management Server pushes directly to client computers with no policy installation required.
- bool
- The administrator can add and remove the users who are permitted to log on to Endpoint Security client computers with Full Disk Encryption.
- edit_
endpoint_ boolpolicies - Available only if manage-policies-and-software-deployment is set to true.
- edit_
software_ booldeployment - The administrator can define deployment rules, create packages for export, and configure advanced package settings.Available only if manage-policies-and-software-deployment is set to true.
- manage_
policies_ booland_ software_ deployment - The administrator can work with policies, rules and actions.
- policies_
installation bool - The administrator can install policies on endpoint computers.
- recovery_
media bool - The administrator can create recovery media on endpoint computers and devices.
- remote_
help bool - The administrator can use the Remote Help feature to reset user passwords and give access to locked out users.
- reset_
computer_ booldata - The administrator can reset a computer, which deletes all information about the computer from the Security Management Server.
- software_
deployment_ boolinstallation - The administrator can deploy packages and install endpoint clients.
- allow
Executing BooleanPush Operations - The administrator can start operations that the Security Management Server pushes directly to client computers with no policy installation required.
- Boolean
- The administrator can add and remove the users who are permitted to log on to Endpoint Security client computers with Full Disk Encryption.
- edit
Endpoint BooleanPolicies - Available only if manage-policies-and-software-deployment is set to true.
- edit
Software BooleanDeployment - The administrator can define deployment rules, create packages for export, and configure advanced package settings.Available only if manage-policies-and-software-deployment is set to true.
- manage
Policies BooleanAnd Software Deployment - The administrator can work with policies, rules and actions.
- policies
Installation Boolean - The administrator can install policies on endpoint computers.
- recovery
Media Boolean - The administrator can create recovery media on endpoint computers and devices.
- remote
Help Boolean - The administrator can use the Remote Help feature to reset user passwords and give access to locked out users.
- reset
Computer BooleanData - The administrator can reset a computer, which deletes all information about the computer from the Security Management Server.
- software
Deployment BooleanInstallation - The administrator can deploy packages and install endpoint clients.
ManagementDomainPermissionsProfileEventsAndReports, ManagementDomainPermissionsProfileEventsAndReportsArgs
- Events string
- Work with event queries on the Events tab. Create custom event queries.Available only if smart-event is set to 'Custom'.
- Policy string
- Configure SmartEvent Policy rules and install SmartEvent Policies.Available only if smart-event is set to 'Custom'.
- Reports bool
- Create and run SmartEvent reports.Available only if smart-event is set to 'Custom'.
- Smart
Event string - 'Custom' - Configure SmartEvent permissions.
- Events string
- Work with event queries on the Events tab. Create custom event queries.Available only if smart-event is set to 'Custom'.
- Policy string
- Configure SmartEvent Policy rules and install SmartEvent Policies.Available only if smart-event is set to 'Custom'.
- Reports bool
- Create and run SmartEvent reports.Available only if smart-event is set to 'Custom'.
- Smart
Event string - 'Custom' - Configure SmartEvent permissions.
- events String
- Work with event queries on the Events tab. Create custom event queries.Available only if smart-event is set to 'Custom'.
- policy String
- Configure SmartEvent Policy rules and install SmartEvent Policies.Available only if smart-event is set to 'Custom'.
- reports Boolean
- Create and run SmartEvent reports.Available only if smart-event is set to 'Custom'.
- smart
Event String - 'Custom' - Configure SmartEvent permissions.
- events string
- Work with event queries on the Events tab. Create custom event queries.Available only if smart-event is set to 'Custom'.
- policy string
- Configure SmartEvent Policy rules and install SmartEvent Policies.Available only if smart-event is set to 'Custom'.
- reports boolean
- Create and run SmartEvent reports.Available only if smart-event is set to 'Custom'.
- smart
Event string - 'Custom' - Configure SmartEvent permissions.
- events str
- Work with event queries on the Events tab. Create custom event queries.Available only if smart-event is set to 'Custom'.
- policy str
- Configure SmartEvent Policy rules and install SmartEvent Policies.Available only if smart-event is set to 'Custom'.
- reports bool
- Create and run SmartEvent reports.Available only if smart-event is set to 'Custom'.
- smart_
event str - 'Custom' - Configure SmartEvent permissions.
- events String
- Work with event queries on the Events tab. Create custom event queries.Available only if smart-event is set to 'Custom'.
- policy String
- Configure SmartEvent Policy rules and install SmartEvent Policies.Available only if smart-event is set to 'Custom'.
- reports Boolean
- Create and run SmartEvent reports.Available only if smart-event is set to 'Custom'.
- smart
Event String - 'Custom' - Configure SmartEvent permissions.
ManagementDomainPermissionsProfileGateways, ManagementDomainPermissionsProfileGatewaysArgs
- Lsm
Gw stringDb - Access to objects defined in LSM gateway tables. These objects are managed in the SmartProvisioning GUI or LSMcli command-line.Note: 'Write' permission on lsm-gw-db allows administrator to run a script on SmartLSM gateway in Expert mode.
- Manage
Provisioning stringProfiles - Administrator can add, edit, delete, and assign provisioning profiles to gateways (both LSM and non-LSM).Available for edit only if lsm-gw-db is set with 'Write' permission.Note: 'Read' permission on lsm-gw-db enables 'Read' permission for manage-provisioning-profiles.
- Manage
Repository stringScripts - Add, change and remove scripts in the repository.
- Open
Shell bool - Use the SmartConsole CLI to run commands.
- Run
One boolTime Script - Run user scripts from the command line.
- Run
Repository boolScript - Run scripts from the repository.
- Smart
Update string - Install, update and delete Check Point licenses. This includes permissions to use SmartUpdate to manage licenses.
- System
Backup bool - Backup Security Gateways.
- System
Restore bool - Restore Security Gateways from saved backups.
- Vsx
Provisioning bool - Create and configure Virtual Systems and other VSX virtual objects.
- Lsm
Gw stringDb - Access to objects defined in LSM gateway tables. These objects are managed in the SmartProvisioning GUI or LSMcli command-line.Note: 'Write' permission on lsm-gw-db allows administrator to run a script on SmartLSM gateway in Expert mode.
- Manage
Provisioning stringProfiles - Administrator can add, edit, delete, and assign provisioning profiles to gateways (both LSM and non-LSM).Available for edit only if lsm-gw-db is set with 'Write' permission.Note: 'Read' permission on lsm-gw-db enables 'Read' permission for manage-provisioning-profiles.
- Manage
Repository stringScripts - Add, change and remove scripts in the repository.
- Open
Shell bool - Use the SmartConsole CLI to run commands.
- Run
One boolTime Script - Run user scripts from the command line.
- Run
Repository boolScript - Run scripts from the repository.
- Smart
Update string - Install, update and delete Check Point licenses. This includes permissions to use SmartUpdate to manage licenses.
- System
Backup bool - Backup Security Gateways.
- System
Restore bool - Restore Security Gateways from saved backups.
- Vsx
Provisioning bool - Create and configure Virtual Systems and other VSX virtual objects.
- lsm
Gw StringDb - Access to objects defined in LSM gateway tables. These objects are managed in the SmartProvisioning GUI or LSMcli command-line.Note: 'Write' permission on lsm-gw-db allows administrator to run a script on SmartLSM gateway in Expert mode.
- manage
Provisioning StringProfiles - Administrator can add, edit, delete, and assign provisioning profiles to gateways (both LSM and non-LSM).Available for edit only if lsm-gw-db is set with 'Write' permission.Note: 'Read' permission on lsm-gw-db enables 'Read' permission for manage-provisioning-profiles.
- manage
Repository StringScripts - Add, change and remove scripts in the repository.
- open
Shell Boolean - Use the SmartConsole CLI to run commands.
- run
One BooleanTime Script - Run user scripts from the command line.
- run
Repository BooleanScript - Run scripts from the repository.
- smart
Update String - Install, update and delete Check Point licenses. This includes permissions to use SmartUpdate to manage licenses.
- system
Backup Boolean - Backup Security Gateways.
- system
Restore Boolean - Restore Security Gateways from saved backups.
- vsx
Provisioning Boolean - Create and configure Virtual Systems and other VSX virtual objects.
- lsm
Gw stringDb - Access to objects defined in LSM gateway tables. These objects are managed in the SmartProvisioning GUI or LSMcli command-line.Note: 'Write' permission on lsm-gw-db allows administrator to run a script on SmartLSM gateway in Expert mode.
- manage
Provisioning stringProfiles - Administrator can add, edit, delete, and assign provisioning profiles to gateways (both LSM and non-LSM).Available for edit only if lsm-gw-db is set with 'Write' permission.Note: 'Read' permission on lsm-gw-db enables 'Read' permission for manage-provisioning-profiles.
- manage
Repository stringScripts - Add, change and remove scripts in the repository.
- open
Shell boolean - Use the SmartConsole CLI to run commands.
- run
One booleanTime Script - Run user scripts from the command line.
- run
Repository booleanScript - Run scripts from the repository.
- smart
Update string - Install, update and delete Check Point licenses. This includes permissions to use SmartUpdate to manage licenses.
- system
Backup boolean - Backup Security Gateways.
- system
Restore boolean - Restore Security Gateways from saved backups.
- vsx
Provisioning boolean - Create and configure Virtual Systems and other VSX virtual objects.
- lsm_
gw_ strdb - Access to objects defined in LSM gateway tables. These objects are managed in the SmartProvisioning GUI or LSMcli command-line.Note: 'Write' permission on lsm-gw-db allows administrator to run a script on SmartLSM gateway in Expert mode.
- manage_
provisioning_ strprofiles - Administrator can add, edit, delete, and assign provisioning profiles to gateways (both LSM and non-LSM).Available for edit only if lsm-gw-db is set with 'Write' permission.Note: 'Read' permission on lsm-gw-db enables 'Read' permission for manage-provisioning-profiles.
- manage_
repository_ strscripts - Add, change and remove scripts in the repository.
- open_
shell bool - Use the SmartConsole CLI to run commands.
- run_
one_ booltime_ script - Run user scripts from the command line.
- run_
repository_ boolscript - Run scripts from the repository.
- smart_
update str - Install, update and delete Check Point licenses. This includes permissions to use SmartUpdate to manage licenses.
- system_
backup bool - Backup Security Gateways.
- system_
restore bool - Restore Security Gateways from saved backups.
- vsx_
provisioning bool - Create and configure Virtual Systems and other VSX virtual objects.
- lsm
Gw StringDb - Access to objects defined in LSM gateway tables. These objects are managed in the SmartProvisioning GUI or LSMcli command-line.Note: 'Write' permission on lsm-gw-db allows administrator to run a script on SmartLSM gateway in Expert mode.
- manage
Provisioning StringProfiles - Administrator can add, edit, delete, and assign provisioning profiles to gateways (both LSM and non-LSM).Available for edit only if lsm-gw-db is set with 'Write' permission.Note: 'Read' permission on lsm-gw-db enables 'Read' permission for manage-provisioning-profiles.
- manage
Repository StringScripts - Add, change and remove scripts in the repository.
- open
Shell Boolean - Use the SmartConsole CLI to run commands.
- run
One BooleanTime Script - Run user scripts from the command line.
- run
Repository BooleanScript - Run scripts from the repository.
- smart
Update String - Install, update and delete Check Point licenses. This includes permissions to use SmartUpdate to manage licenses.
- system
Backup Boolean - Backup Security Gateways.
- system
Restore Boolean - Restore Security Gateways from saved backups.
- vsx
Provisioning Boolean - Create and configure Virtual Systems and other VSX virtual objects.
ManagementDomainPermissionsProfileManagement, ManagementDomainPermissionsProfileManagementArgs
- Approve
Or boolReject Sessions - Approve / reject other sessions.
- Cme
Operations string - Permission to read / edit the Cloud Management Extension (CME) configuration.Not supported for Multi-Domain Servers.
- High
Availability boolOperations - Configure and work with Domain High Availability.Only a 'Customized' permission-type profile can edit this permission.
- Manage
Admins bool - Controls the ability to manage Administrators, Permission Profiles, Trusted clients,API settings and Policy settings.Only a "Read Write All" permission-type profile can edit this permission.Not supported for Multi-Domain Servers.
- Manage
Integration boolWith Cloud Services - Manage integration with Cloud Services.
- Manage
Sessions bool - Lets you disconnect, discard, publish, or take over other administrator sessions.Only a "Read Write All" permission-type profile can edit this permission.
- Management
Api boolLogin - Permission to log in to the Security Management Server and run API commands using thesetools: mgmt_cli (Linux and Windows binaries), Gaia CLI (clish) and Web Services (REST). Useful if you want to prevent administrators from running automatic scripts on the Management.Note: This permission is not required to run commands from within the API terminal in SmartConsole.Not supported for Multi-Domain Servers.
- Publish
Sessions bool - Allow session publishing without an approval.
- Approve
Or boolReject Sessions - Approve / reject other sessions.
- Cme
Operations string - Permission to read / edit the Cloud Management Extension (CME) configuration.Not supported for Multi-Domain Servers.
- High
Availability boolOperations - Configure and work with Domain High Availability.Only a 'Customized' permission-type profile can edit this permission.
- Manage
Admins bool - Controls the ability to manage Administrators, Permission Profiles, Trusted clients,API settings and Policy settings.Only a "Read Write All" permission-type profile can edit this permission.Not supported for Multi-Domain Servers.
- Manage
Integration boolWith Cloud Services - Manage integration with Cloud Services.
- Manage
Sessions bool - Lets you disconnect, discard, publish, or take over other administrator sessions.Only a "Read Write All" permission-type profile can edit this permission.
- Management
Api boolLogin - Permission to log in to the Security Management Server and run API commands using thesetools: mgmt_cli (Linux and Windows binaries), Gaia CLI (clish) and Web Services (REST). Useful if you want to prevent administrators from running automatic scripts on the Management.Note: This permission is not required to run commands from within the API terminal in SmartConsole.Not supported for Multi-Domain Servers.
- Publish
Sessions bool - Allow session publishing without an approval.
- approve
Or BooleanReject Sessions - Approve / reject other sessions.
- cme
Operations String - Permission to read / edit the Cloud Management Extension (CME) configuration.Not supported for Multi-Domain Servers.
- high
Availability BooleanOperations - Configure and work with Domain High Availability.Only a 'Customized' permission-type profile can edit this permission.
- manage
Admins Boolean - Controls the ability to manage Administrators, Permission Profiles, Trusted clients,API settings and Policy settings.Only a "Read Write All" permission-type profile can edit this permission.Not supported for Multi-Domain Servers.
- manage
Integration BooleanWith Cloud Services - Manage integration with Cloud Services.
- manage
Sessions Boolean - Lets you disconnect, discard, publish, or take over other administrator sessions.Only a "Read Write All" permission-type profile can edit this permission.
- management
Api BooleanLogin - Permission to log in to the Security Management Server and run API commands using thesetools: mgmt_cli (Linux and Windows binaries), Gaia CLI (clish) and Web Services (REST). Useful if you want to prevent administrators from running automatic scripts on the Management.Note: This permission is not required to run commands from within the API terminal in SmartConsole.Not supported for Multi-Domain Servers.
- publish
Sessions Boolean - Allow session publishing without an approval.
- approve
Or booleanReject Sessions - Approve / reject other sessions.
- cme
Operations string - Permission to read / edit the Cloud Management Extension (CME) configuration.Not supported for Multi-Domain Servers.
- high
Availability booleanOperations - Configure and work with Domain High Availability.Only a 'Customized' permission-type profile can edit this permission.
- manage
Admins boolean - Controls the ability to manage Administrators, Permission Profiles, Trusted clients,API settings and Policy settings.Only a "Read Write All" permission-type profile can edit this permission.Not supported for Multi-Domain Servers.
- manage
Integration booleanWith Cloud Services - Manage integration with Cloud Services.
- manage
Sessions boolean - Lets you disconnect, discard, publish, or take over other administrator sessions.Only a "Read Write All" permission-type profile can edit this permission.
- management
Api booleanLogin - Permission to log in to the Security Management Server and run API commands using thesetools: mgmt_cli (Linux and Windows binaries), Gaia CLI (clish) and Web Services (REST). Useful if you want to prevent administrators from running automatic scripts on the Management.Note: This permission is not required to run commands from within the API terminal in SmartConsole.Not supported for Multi-Domain Servers.
- publish
Sessions boolean - Allow session publishing without an approval.
- approve_
or_ boolreject_ sessions - Approve / reject other sessions.
- cme_
operations str - Permission to read / edit the Cloud Management Extension (CME) configuration.Not supported for Multi-Domain Servers.
- high_
availability_ booloperations - Configure and work with Domain High Availability.Only a 'Customized' permission-type profile can edit this permission.
- manage_
admins bool - Controls the ability to manage Administrators, Permission Profiles, Trusted clients,API settings and Policy settings.Only a "Read Write All" permission-type profile can edit this permission.Not supported for Multi-Domain Servers.
- manage_
integration_ boolwith_ cloud_ services - Manage integration with Cloud Services.
- manage_
sessions bool - Lets you disconnect, discard, publish, or take over other administrator sessions.Only a "Read Write All" permission-type profile can edit this permission.
- management_
api_ boollogin - Permission to log in to the Security Management Server and run API commands using thesetools: mgmt_cli (Linux and Windows binaries), Gaia CLI (clish) and Web Services (REST). Useful if you want to prevent administrators from running automatic scripts on the Management.Note: This permission is not required to run commands from within the API terminal in SmartConsole.Not supported for Multi-Domain Servers.
- publish_
sessions bool - Allow session publishing without an approval.
- approve
Or BooleanReject Sessions - Approve / reject other sessions.
- cme
Operations String - Permission to read / edit the Cloud Management Extension (CME) configuration.Not supported for Multi-Domain Servers.
- high
Availability BooleanOperations - Configure and work with Domain High Availability.Only a 'Customized' permission-type profile can edit this permission.
- manage
Admins Boolean - Controls the ability to manage Administrators, Permission Profiles, Trusted clients,API settings and Policy settings.Only a "Read Write All" permission-type profile can edit this permission.Not supported for Multi-Domain Servers.
- manage
Integration BooleanWith Cloud Services - Manage integration with Cloud Services.
- manage
Sessions Boolean - Lets you disconnect, discard, publish, or take over other administrator sessions.Only a "Read Write All" permission-type profile can edit this permission.
- management
Api BooleanLogin - Permission to log in to the Security Management Server and run API commands using thesetools: mgmt_cli (Linux and Windows binaries), Gaia CLI (clish) and Web Services (REST). Useful if you want to prevent administrators from running automatic scripts on the Management.Note: This permission is not required to run commands from within the API terminal in SmartConsole.Not supported for Multi-Domain Servers.
- publish
Sessions Boolean - Allow session publishing without an approval.
ManagementDomainPermissionsProfileMonitoringAndLogging, ManagementDomainPermissionsProfileMonitoringAndLoggingArgs
- App
And boolUrl Filtering Logs - Work with Application and URL Filtering logs.
- Dlp
Logs boolIncluding Confidential Fields - Show DLP logs including confidential fields.
- Https
Inspection boolLogs - See logs generated by HTTPS Inspection.
- Identities bool
- Show user and computer identity information in logs.
- Manage
Dlp boolMessages - View/Release/Discard DLP messages.Available only if dlp-logs-including-confidential-fields is set to true.
- Management
Logs string - See Multi-Domain Server audit logs.
- Monitoring string
- See monitoring views and reports.
- Packet
Capture boolAnd Forensics - See logs generated by the IPS and Forensics features.
- Show
Identities boolBy Default - Show user and computer identity information in logs by default.
- Show
Packet boolCapture By Default - Enable packet capture by default.
- Track
Logs string - Use the log tracking features in SmartConsole.
- App
And boolUrl Filtering Logs - Work with Application and URL Filtering logs.
- Dlp
Logs boolIncluding Confidential Fields - Show DLP logs including confidential fields.
- Https
Inspection boolLogs - See logs generated by HTTPS Inspection.
- Identities bool
- Show user and computer identity information in logs.
- Manage
Dlp boolMessages - View/Release/Discard DLP messages.Available only if dlp-logs-including-confidential-fields is set to true.
- Management
Logs string - See Multi-Domain Server audit logs.
- Monitoring string
- See monitoring views and reports.
- Packet
Capture boolAnd Forensics - See logs generated by the IPS and Forensics features.
- Show
Identities boolBy Default - Show user and computer identity information in logs by default.
- Show
Packet boolCapture By Default - Enable packet capture by default.
- Track
Logs string - Use the log tracking features in SmartConsole.
- app
And BooleanUrl Filtering Logs - Work with Application and URL Filtering logs.
- dlp
Logs BooleanIncluding Confidential Fields - Show DLP logs including confidential fields.
- https
Inspection BooleanLogs - See logs generated by HTTPS Inspection.
- identities Boolean
- Show user and computer identity information in logs.
- manage
Dlp BooleanMessages - View/Release/Discard DLP messages.Available only if dlp-logs-including-confidential-fields is set to true.
- management
Logs String - See Multi-Domain Server audit logs.
- monitoring String
- See monitoring views and reports.
- packet
Capture BooleanAnd Forensics - See logs generated by the IPS and Forensics features.
- show
Identities BooleanBy Default - Show user and computer identity information in logs by default.
- show
Packet BooleanCapture By Default - Enable packet capture by default.
- track
Logs String - Use the log tracking features in SmartConsole.
- app
And booleanUrl Filtering Logs - Work with Application and URL Filtering logs.
- dlp
Logs booleanIncluding Confidential Fields - Show DLP logs including confidential fields.
- https
Inspection booleanLogs - See logs generated by HTTPS Inspection.
- identities boolean
- Show user and computer identity information in logs.
- manage
Dlp booleanMessages - View/Release/Discard DLP messages.Available only if dlp-logs-including-confidential-fields is set to true.
- management
Logs string - See Multi-Domain Server audit logs.
- monitoring string
- See monitoring views and reports.
- packet
Capture booleanAnd Forensics - See logs generated by the IPS and Forensics features.
- show
Identities booleanBy Default - Show user and computer identity information in logs by default.
- show
Packet booleanCapture By Default - Enable packet capture by default.
- track
Logs string - Use the log tracking features in SmartConsole.
- app_
and_ boolurl_ filtering_ logs - Work with Application and URL Filtering logs.
- dlp_
logs_ boolincluding_ confidential_ fields - Show DLP logs including confidential fields.
- https_
inspection_ boollogs - See logs generated by HTTPS Inspection.
- identities bool
- Show user and computer identity information in logs.
- manage_
dlp_ boolmessages - View/Release/Discard DLP messages.Available only if dlp-logs-including-confidential-fields is set to true.
- management_
logs str - See Multi-Domain Server audit logs.
- monitoring str
- See monitoring views and reports.
- packet_
capture_ booland_ forensics - See logs generated by the IPS and Forensics features.
- show_
identities_ boolby_ default - Show user and computer identity information in logs by default.
- show_
packet_ boolcapture_ by_ default - Enable packet capture by default.
- track_
logs str - Use the log tracking features in SmartConsole.
- app
And BooleanUrl Filtering Logs - Work with Application and URL Filtering logs.
- dlp
Logs BooleanIncluding Confidential Fields - Show DLP logs including confidential fields.
- https
Inspection BooleanLogs - See logs generated by HTTPS Inspection.
- identities Boolean
- Show user and computer identity information in logs.
- manage
Dlp BooleanMessages - View/Release/Discard DLP messages.Available only if dlp-logs-including-confidential-fields is set to true.
- management
Logs String - See Multi-Domain Server audit logs.
- monitoring String
- See monitoring views and reports.
- packet
Capture BooleanAnd Forensics - See logs generated by the IPS and Forensics features.
- show
Identities BooleanBy Default - Show user and computer identity information in logs by default.
- show
Packet BooleanCapture By Default - Enable packet capture by default.
- track
Logs String - Use the log tracking features in SmartConsole.
ManagementDomainPermissionsProfileOthers, ManagementDomainPermissionsProfileOthersArgs
- Client
Certificates bool - Create and manage client certificates for Mobile Access.
- Edit
Cp boolUsers Db - Work with user accounts and groups.
- Https
Inspection string - Enable and configure HTTPS Inspection rules.
- Ldap
Users stringDb - Work with the LDAP database and user accounts, groups and OUs.
- string
- Work with Check Point User Authority authentication.
- User
Device stringMgmt Conf - Gives access to the UDM (User & Device Management) web-based application that handles security challenges in a "bring your own device" (BYOD) workspace.
- Client
Certificates bool - Create and manage client certificates for Mobile Access.
- Edit
Cp boolUsers Db - Work with user accounts and groups.
- Https
Inspection string - Enable and configure HTTPS Inspection rules.
- Ldap
Users stringDb - Work with the LDAP database and user accounts, groups and OUs.
- string
- Work with Check Point User Authority authentication.
- User
Device stringMgmt Conf - Gives access to the UDM (User & Device Management) web-based application that handles security challenges in a "bring your own device" (BYOD) workspace.
- client
Certificates Boolean - Create and manage client certificates for Mobile Access.
- edit
Cp BooleanUsers Db - Work with user accounts and groups.
- https
Inspection String - Enable and configure HTTPS Inspection rules.
- ldap
Users StringDb - Work with the LDAP database and user accounts, groups and OUs.
- String
- Work with Check Point User Authority authentication.
- user
Device StringMgmt Conf - Gives access to the UDM (User & Device Management) web-based application that handles security challenges in a "bring your own device" (BYOD) workspace.
- client
Certificates boolean - Create and manage client certificates for Mobile Access.
- edit
Cp booleanUsers Db - Work with user accounts and groups.
- https
Inspection string - Enable and configure HTTPS Inspection rules.
- ldap
Users stringDb - Work with the LDAP database and user accounts, groups and OUs.
- string
- Work with Check Point User Authority authentication.
- user
Device stringMgmt Conf - Gives access to the UDM (User & Device Management) web-based application that handles security challenges in a "bring your own device" (BYOD) workspace.
- client_
certificates bool - Create and manage client certificates for Mobile Access.
- edit_
cp_ boolusers_ db - Work with user accounts and groups.
- https_
inspection str - Enable and configure HTTPS Inspection rules.
- ldap_
users_ strdb - Work with the LDAP database and user accounts, groups and OUs.
- str
- Work with Check Point User Authority authentication.
- user_
device_ strmgmt_ conf - Gives access to the UDM (User & Device Management) web-based application that handles security challenges in a "bring your own device" (BYOD) workspace.
- client
Certificates Boolean - Create and manage client certificates for Mobile Access.
- edit
Cp BooleanUsers Db - Work with user accounts and groups.
- https
Inspection String - Enable and configure HTTPS Inspection rules.
- ldap
Users StringDb - Work with the LDAP database and user accounts, groups and OUs.
- String
- Work with Check Point User Authority authentication.
- user
Device StringMgmt Conf - Gives access to the UDM (User & Device Management) web-based application that handles security challenges in a "bring your own device" (BYOD) workspace.
ManagementDomainPermissionsProfileThreatPrevention, ManagementDomainPermissionsProfileThreatPreventionArgs
- Edit
Layers string - 'ALL' - Gives permission to edit all layers."By Selected Profile In A Layer Editor" - Administrators can only edit the layer if the Threat Prevention layer editor gives editing permission to their profiles.Available only if policy-layers is set to 'Write'.
- Edit
Settings bool - Work with general Threat Prevention settings.
- Install
Policy bool - Install Policies.
- Ips
Update bool - Update IPS protections.Note: You do not have to log into the User Center to receive IPS updates.
- Policy
Exceptions string - Configure exceptions to Threat Prevention rules.Note: To have policy-exceptions you must set the protections permission.
- Policy
Layers string - Configure Threat Prevention Policy rules.Note: To have policy-layers permissions you must set policy-exceptionsand profiles permissions. To have 'Write' permissions for policy-layers, policy-exceptions must be set with 'Write' permission as well.
- Profiles string
- Configure Threat Prevention profiles.
- Protections string
- Work with malware protections.
- Edit
Layers string - 'ALL' - Gives permission to edit all layers."By Selected Profile In A Layer Editor" - Administrators can only edit the layer if the Threat Prevention layer editor gives editing permission to their profiles.Available only if policy-layers is set to 'Write'.
- Edit
Settings bool - Work with general Threat Prevention settings.
- Install
Policy bool - Install Policies.
- Ips
Update bool - Update IPS protections.Note: You do not have to log into the User Center to receive IPS updates.
- Policy
Exceptions string - Configure exceptions to Threat Prevention rules.Note: To have policy-exceptions you must set the protections permission.
- Policy
Layers string - Configure Threat Prevention Policy rules.Note: To have policy-layers permissions you must set policy-exceptionsand profiles permissions. To have 'Write' permissions for policy-layers, policy-exceptions must be set with 'Write' permission as well.
- Profiles string
- Configure Threat Prevention profiles.
- Protections string
- Work with malware protections.
- edit
Layers String - 'ALL' - Gives permission to edit all layers."By Selected Profile In A Layer Editor" - Administrators can only edit the layer if the Threat Prevention layer editor gives editing permission to their profiles.Available only if policy-layers is set to 'Write'.
- edit
Settings Boolean - Work with general Threat Prevention settings.
- install
Policy Boolean - Install Policies.
- ips
Update Boolean - Update IPS protections.Note: You do not have to log into the User Center to receive IPS updates.
- policy
Exceptions String - Configure exceptions to Threat Prevention rules.Note: To have policy-exceptions you must set the protections permission.
- policy
Layers String - Configure Threat Prevention Policy rules.Note: To have policy-layers permissions you must set policy-exceptionsand profiles permissions. To have 'Write' permissions for policy-layers, policy-exceptions must be set with 'Write' permission as well.
- profiles String
- Configure Threat Prevention profiles.
- protections String
- Work with malware protections.
- edit
Layers string - 'ALL' - Gives permission to edit all layers."By Selected Profile In A Layer Editor" - Administrators can only edit the layer if the Threat Prevention layer editor gives editing permission to their profiles.Available only if policy-layers is set to 'Write'.
- edit
Settings boolean - Work with general Threat Prevention settings.
- install
Policy boolean - Install Policies.
- ips
Update boolean - Update IPS protections.Note: You do not have to log into the User Center to receive IPS updates.
- policy
Exceptions string - Configure exceptions to Threat Prevention rules.Note: To have policy-exceptions you must set the protections permission.
- policy
Layers string - Configure Threat Prevention Policy rules.Note: To have policy-layers permissions you must set policy-exceptionsand profiles permissions. To have 'Write' permissions for policy-layers, policy-exceptions must be set with 'Write' permission as well.
- profiles string
- Configure Threat Prevention profiles.
- protections string
- Work with malware protections.
- edit_
layers str - 'ALL' - Gives permission to edit all layers."By Selected Profile In A Layer Editor" - Administrators can only edit the layer if the Threat Prevention layer editor gives editing permission to their profiles.Available only if policy-layers is set to 'Write'.
- edit_
settings bool - Work with general Threat Prevention settings.
- install_
policy bool - Install Policies.
- ips_
update bool - Update IPS protections.Note: You do not have to log into the User Center to receive IPS updates.
- policy_
exceptions str - Configure exceptions to Threat Prevention rules.Note: To have policy-exceptions you must set the protections permission.
- policy_
layers str - Configure Threat Prevention Policy rules.Note: To have policy-layers permissions you must set policy-exceptionsand profiles permissions. To have 'Write' permissions for policy-layers, policy-exceptions must be set with 'Write' permission as well.
- profiles str
- Configure Threat Prevention profiles.
- protections str
- Work with malware protections.
- edit
Layers String - 'ALL' - Gives permission to edit all layers."By Selected Profile In A Layer Editor" - Administrators can only edit the layer if the Threat Prevention layer editor gives editing permission to their profiles.Available only if policy-layers is set to 'Write'.
- edit
Settings Boolean - Work with general Threat Prevention settings.
- install
Policy Boolean - Install Policies.
- ips
Update Boolean - Update IPS protections.Note: You do not have to log into the User Center to receive IPS updates.
- policy
Exceptions String - Configure exceptions to Threat Prevention rules.Note: To have policy-exceptions you must set the protections permission.
- policy
Layers String - Configure Threat Prevention Policy rules.Note: To have policy-layers permissions you must set policy-exceptionsand profiles permissions. To have 'Write' permissions for policy-layers, policy-exceptions must be set with 'Write' permission as well.
- profiles String
- Configure Threat Prevention profiles.
- protections String
- Work with malware protections.
Package Details
- Repository
- checkpoint checkpointsw/terraform-provider-checkpoint
- License
- Notes
- This Pulumi package is based on the
checkpointTerraform Provider.
Viewing docs for checkpoint 3.0.0
published on Monday, Mar 30, 2026 by checkpointsw
published on Monday, Mar 30, 2026 by checkpointsw
