10-06-2022 07:09 AM
Team,
I am posting this question today here on the scripts we have for the "/ers" folder vs the "/admin" folder.
So far we have understood that for the API calls, which are using the "/ers" path need to have a username which is a part of the "ERS Admin" group.
The calls or scripts which are a part of the "/admin" group will be another username which is outside of the "ERS Admin" group.
Is that correct?
If correct, which group can I add these username which are a part of the "/admin" group for read-only access?
In the read-only access as well, I would prefer limiting the access.
Regards,
N!
Solved! Go to Solution.
10-06-2022 05:50 PM
I just completed our ISE REST APIs Introduction webinar on Tuesday that explained the ISE API role-based access control options using ERS Admin and ERS Operator groups. It should be posted to our CiscoISE YouTube channel early next week if you want to watch it.
These roles both apply to all /ers resources.
The /admin URLs you are talking about should all be for the ISE Admin GUI and could be any of the roles in the Admin Groups list.
You may assign any ISE Admin Users to one or more Admin Groups including the ERS Operator or ERS Admin Groups:
10-06-2022 05:50 PM
I just completed our ISE REST APIs Introduction webinar on Tuesday that explained the ISE API role-based access control options using ERS Admin and ERS Operator groups. It should be posted to our CiscoISE YouTube channel early next week if you want to watch it.
These roles both apply to all /ers resources.
The /admin URLs you are talking about should all be for the ISE Admin GUI and could be any of the roles in the Admin Groups list.
You may assign any ISE Admin Users to one or more Admin Groups including the ERS Operator or ERS Admin Groups:
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide