ISE 2.4 : administrator permission data access : Cannot see IDENTITY

gillessapene
Level 1

I use ISE 2.4 as a Tacacs Server.

I want to give an administrator privilege to a team in such a way that they can do anything but not update the administrator accounts (ex: change an admin user from one admin group to another admin group).

So I have created a new Admin group.

I have created an admin authorization menu (show/hide)

I have created an admin data menu (full access / ReadOnly Access / No Access).

I have created a policy to link the admin group with the authorization menu and with the data access menu.

 

This works fine with everything but the identities. These above admin accounts can work with the "User Identity groups" but they cannot see or create an "Identity" (tacacs account).

I don't see any option in the data access privilege panel. There is only the "User Identity Groups" option.

access.JPG

Accepted Solutions

Surendra
Cisco Employee

Here is how you can give access to be able to only create identities:

 

Screenshot 2019-07-17 at 9.20.14 PM.png

 

Screenshot 2019-07-17 at 9.21.21 PM.png

 

This basically lets a user create/delete/modify a user that is part of the Employee identity group only.
