Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
527
Views
5
Helpful
1
Replies

API calls and scripts for "/ers" vs "/admin" folder in Cisco ISE.

Go to solution
network_geek1979
Level 1
Level 1

‎10-06-2022 07:09 AM

Team,
I am posting this question today here on the scripts we have for the "/ers" folder vs the "/admin" folder.

So far we have understood that for the API calls, which are using the "/ers" path need to have a username which is a part of the "ERS Admin" group.

The calls or scripts which are a part of the "/admin" group will be another username which is outside of the "ERS Admin" group.
Is that correct?

If correct, which group can I add these username which are a part of the "/admin" group for read-only access?
In the read-only access as well, I would prefer limiting the access.


Regards,
N!

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎10-06-2022 05:50 PM

I just completed our ISE REST APIs Introduction webinar on Tuesday that explained the ISE API role-based access control options using ERS Admin and ERS Operator groups.  It should be posted to our CiscoISE YouTube channel early next week if you want to watch it.image.png

These roles both apply to all /ers resources.

The /admin URLs you are talking about should all be for the ISE Admin GUI and could be any of the roles in the Admin Groups list.

You may assign any ISE Admin Users to one or more Admin Groups including the ERS Operator or ERS Admin Groups:

image.png

View solution in original post

1 Reply 1

Go to solution
thomas
Cisco Employee
Cisco Employee

‎10-06-2022 05:50 PM

I just completed our ISE REST APIs Introduction webinar on Tuesday that explained the ISE API role-based access control options using ERS Admin and ERS Operator groups.  It should be posted to our CiscoISE YouTube channel early next week if you want to watch it.image.png

These roles both apply to all /ers resources.

The /admin URLs you are talking about should all be for the ISE Admin GUI and could be any of the roles in the Admin Groups list.

You may assign any ISE Admin Users to one or more Admin Groups including the ERS Operator or ERS Admin Groups:

image.png

Customers Also Viewed These Support Documents