The current version of the CheckPoint Server supports only one permission level of user (CheckPoint Administrators).  

Future versions will include other levels to allow you to accommodate, control and report on third-party re-sellers and affiliates.

CheckPoint Administrators have the highest level of permissions in the CheckPoint server and can perform any task once logged in.  This includes adding, editing and deleting other CheckPoint users,  End-Users, Serial Numbers and virtually any other information.

Keep in mind that the CheckPoint Administrator account is a record in the database used only by the CheckPoint application business-logic. It is not an NT domain user, SQL Server user or otherwise.  Therefore, access on the actual server itself to these types of resources must be separately managed by you in the usual manner.

CheckPoint Administrators (and for that matter all CheckPoint Users) have only a hash of their password stored on the server.  Therefore, it is impossible for a database user to open the CheckPoint Users table and directly view the password needed to log-in to the application.  Likewise, if a password is forgotten, it cannot be retrieved because it is not stored.  In this case the Administrators account must be deleted and recreated with a new password.

More Information

For information on adding and deleting CheckPoint Administrators using the SoftwareShield License Manager, see Add CheckPoint Administrator, and Delete CheckPoint Administrator.