RBAC in ISE 2.2

Hello,

I have some trouble with RBAC on ISE 2.2.0.470 and I hope somebody can clarify this.

I need different Network Device Admin groups for different locations. For example, a Network Device Admin from France should be able to see and edit Network Devices with location France (my own tag), and an admin from Poland should be able to see and edit all devices from Poland.

So I created different admin user groups and mapped them with RBAC Policy to the default "Network Device Menu Access" view and custom Data groups for different locations. So far it works. But now I have some issues with data access. It doesn't matter which Data Access Privileges I give: users can see all devices or none.

Here is an example for an admin user for Poland. In Data Access Permissions only location "Poland" has "Full Access", all others "No Access". But the user is also able to see all other locations.

permissions_ise.png

RBAC Policy.png

poland.PNG

As you can see, the user is also able to see all other locations.

What could be my problem?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: RBAC in ISE 2.2
