https://community.cisco.com/t5/network-access-control/ise-ers-api-limited-access/m-p/4389080#M566791 <P>The ERS Admin and ERS Operator groups have no Menu Access Permissions (and cannot be customised) so admin users associated with these groups cannot login to the GUI.</P> <P>There is currently no full RBAC functionality for the REST API to limit access to ERS admins/operators. Although we cannot discuss roadmap on this forum, it is likely that future versions of ISE will provide feature enhancements around RBAC for the REST API. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Mon, 19 Apr 2021 01:27:56 GMT Greg Gibbs 2021-04-19T01:27:56Z https://community.cisco.com/t5/network-access-control/ise-ers-api-limited-access/m-p/4388443#M566774 <P>Hello,</P><P>&nbsp;</P><P>We have certain teams that have very limited ISE GUI permissions for both Menu and Data. The purpose is to give them as simple an interface as possible but enable them to add/edit/delete endpoints that will have access to their specific network. Their Data Access permissions are limited to a single Endpoint Identity Group.&nbsp;</P><P>&nbsp;</P><P>I'm wondering if there is a way to also give these specific users access to the ERS API, but with the same limited permissions. Are users in the ERS Operator or ERS Admin group also limited to the Data Permissions for the GUI, or do they have access to everything on ISE, either Read-Only or Read &amp; Write? Or is there another way to limit their access?</P><P>&nbsp;</P><P>Thanks,</P><P>Luke</P> Fri, 16 Apr 2021 14:56:32 GMT https://community.cisco.com/t5/network-access-control/ise-ers-api-limited-access/m-p/4388443#M566774 lukeberkheiser 2021-04-16T14:56:32Z https://community.cisco.com/t5/network-access-control/ise-ers-api-limited-access/m-p/4388662#M566778 <P class="lia-align-justify">Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/112766">@lukeberkheiser</a>,</P><P class="lia-align-justify">&nbsp;take a look at: <A href="https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/api_ref_guide/api_ref_book/ise_api_ref_ers1.pdf" target="_blank" rel="noopener">Introduction to ERS API - 2.7</A>, check the <U>prerequisites</U> ...</P><P class="lia-align-justify">"<STRONG><EM>Prerequisites for Using the External RESTful Services API Calls</EM></STRONG><BR /><EM>You <STRONG>must fulfill</STRONG> the following prerequisites before invoking an External RESTful Services API call:</EM><BR /><EM>• You <STRONG>must have</STRONG> <U>enabled External RESTful Services</U> from the GUI.</EM><BR /><EM>• You <STRONG>must have</STRONG> <U>External RESTful Services <STRONG>Admin privileges</STRONG></U>.</EM><BR /><EM>You can use any REST client like JAVA, curl linux command, python or any other client to invoke&nbsp;</EM><EM>External RESTful Services API calls.</EM>"</P><P class="lia-align-justify">&nbsp;</P><P class="lia-align-justify">Hope this helps !!!</P> Sat, 17 Apr 2021 00:39:29 GMT https://community.cisco.com/t5/network-access-control/ise-ers-api-limited-access/m-p/4388662#M566778 Marcelo Morais 2021-04-17T00:39:29Z https://community.cisco.com/t5/network-access-control/ise-ers-api-limited-access/m-p/4389080#M566791 <P>The ERS Admin and ERS Operator groups have no Menu Access Permissions (and cannot be customised) so admin users associated with these groups cannot login to the GUI.</P> <P>There is currently no full RBAC functionality for the REST API to limit access to ERS admins/operators. Although we cannot discuss roadmap on this forum, it is likely that future versions of ISE will provide feature enhancements around RBAC for the REST API. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Mon, 19 Apr 2021 01:27:56 GMT https://community.cisco.com/t5/network-access-control/ise-ers-api-limited-access/m-p/4389080#M566791 Greg Gibbs 2021-04-19T01:27:56Z https://community.cisco.com/t5/network-access-control/ise-ers-api-limited-access/m-p/4389156#M566795 <P>Thank you for the information Greg</P> Mon, 19 Apr 2021 06:06:11 GMT https://community.cisco.com/t5/network-access-control/ise-ers-api-limited-access/m-p/4389156#M566795 lukeberkheiser 2021-04-19T06:06:11Z