ACS or ISE restricted admins

Nathan Spitzer
Level 1

Situation:

Right now I have a 3-node ACS 5.4 (soon to be 5.5) installation which provides network device authentication to a single business unit's routers/switches/etc. The cluster has the large-site and advanced logging/monitoring licenses.

 

Now, after running it solely within my business unit for a number of years, various groups in the corporate hierarchy outside my business unit have expressed interest in leveraging our investment to authenticate other kinds of devices controlled by different administrator groups, but a sticking point is the inability to restrict ACS administrators beyond which sections of the GUI they can interact with. Because all the different groups are separate administrative entities, there is good reason to want that kind of restriction.

 

Question

Is there any way in ACS to restrict an administrator's access more granularly than GUI elements? For example, Administrator A should only be able to perform CRUD operations on Device group Y, while Administrator B should only be able to perform CRUD operations on device group Z. If not in ACS, is it possible in ISE? Device groups are the only things really impacted by this; most of the rest can be worked out politically.

 

I will mention that I am not really interested in using the REST APIs to create my own front-end unless that really is the only way.

2 Replies

edwjames
Level 3

Hey,

As of now, there are no options for this feature implementation.

A feature request from your end should get this going.

Regards,

Ed


Venkatesh Attuluri
Cisco Employee

For Role-Based Access Control in Cisco ISE:

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_man_admin.html#pgfId-1595872
