07-17-2019 07:33 AM
I use ISE 2.4 as a Tacacs Server.
I want to give an administrator privilege to a team in such a way that they can do anything but not update the administrators accounts ( ex: change an admin user from one admin group to another admin group).
So I have created an new Admin group.
I have created an admin authorization menu (show/hide)
I have created an admin data menu.(full access/ ReadOnly Access / No Access)
I have created a policy to link the admin group with the authorization menu and with the data access menu.
This works fine with everything but the identities. These above admin accounts can work with the "User Identity groups" but they cannot see or create an "Identity"(tacacs account).
I don't see anyoption in the data access privilege panel. There is only the "User Identity Groups" option.
Solved! Go to Solution.
07-17-2019 08:52 AM
Here is how you can give access to be able to only create identities :
This basically lets a user to create/delete/modify a user part of Employee identity group only.
07-17-2019 08:52 AM
Here is how you can give access to be able to only create identities :
This basically lets a user to create/delete/modify a user part of Employee identity group only.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide