cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

337
Views
0
Helpful
3
Replies
lukeberkheiser
Beginner

ISE ERS API Limited Access

Hello,

 

We have certain teams that have very limited ISE GUI permissions for both Menu and Data. The purpose is to give them as simple an interface as possible but enable them to add/edit/delete endpoints that will have access to their specific network. Their Data Access permissions are limited to a single Endpoint Identity Group. 

 

I'm wondering if there is a way to also give these specific users access to the ERS API, but with the same limited permissions. Are users in the ERS Operator or ERS Admin group also limited to the Data Permissions for the GUI, or do they have access to everything on ISE, either Read-Only or Read & Write? Or is there another way to limit their access?

 

Thanks,

Luke

1 ACCEPTED SOLUTION

Accepted Solutions
Greg Gibbs
Cisco Employee

The ERS Admin and ERS Operator groups have no Menu Access Permissions (and cannot be customised) so admin users associated with these groups cannot login to the GUI.

There is currently no full RBAC functionality for the REST API to limit access to ERS admins/operators. Although we cannot discuss roadmap on this forum, it is likely that future versions of ISE will provide feature enhancements around RBAC for the REST API.

View solution in original post

3 REPLIES 3
Marcelo Morais
Advocate

Hi @lukeberkheiser,

 take a look at: Introduction to ERS API - 2.7, check the prerequisites ...

"Prerequisites for Using the External RESTful Services API Calls
You must fulfill the following prerequisites before invoking an External RESTful Services API call:
• You must have enabled External RESTful Services from the GUI.
• You must have External RESTful Services Admin privileges.
You can use any REST client like JAVA, curl linux command, python or any other client to invoke External RESTful Services API calls."

 

Hope this helps !!!

Greg Gibbs
Cisco Employee

The ERS Admin and ERS Operator groups have no Menu Access Permissions (and cannot be customised) so admin users associated with these groups cannot login to the GUI.

There is currently no full RBAC functionality for the REST API to limit access to ERS admins/operators. Although we cannot discuss roadmap on this forum, it is likely that future versions of ISE will provide feature enhancements around RBAC for the REST API.

View solution in original post

Thank you for the information Greg

Content for Community-Ad