04-16-2021 07:56 AM
Hello,
We have certain teams that have very limited ISE GUI permissions for both Menu and Data. The purpose is to give them as simple an interface as possible but enable them to add/edit/delete endpoints that will have access to their specific network. Their Data Access permissions are limited to a single Endpoint Identity Group.
I'm wondering if there is a way to also give these specific users access to the ERS API, but with the same limited permissions. Are users in the ERS Operator or ERS Admin group also limited to the Data Permissions for the GUI, or do they have access to everything on ISE, either Read-Only or Read & Write? Or is there another way to limit their access?
Thanks,
Luke
Solved! Go to Solution.
04-18-2021 06:27 PM
The ERS Admin and ERS Operator groups have no Menu Access Permissions (and cannot be customised) so admin users associated with these groups cannot login to the GUI.
There is currently no full RBAC functionality for the REST API to limit access to ERS admins/operators. Although we cannot discuss roadmap on this forum, it is likely that future versions of ISE will provide feature enhancements around RBAC for the REST API.
04-16-2021 05:39 PM
Hi @lukeberkheiser,
take a look at: Introduction to ERS API - 2.7, check the prerequisites ...
"Prerequisites for Using the External RESTful Services API Calls
You must fulfill the following prerequisites before invoking an External RESTful Services API call:
• You must have enabled External RESTful Services from the GUI.
• You must have External RESTful Services Admin privileges.
You can use any REST client like JAVA, curl linux command, python or any other client to invoke External RESTful Services API calls."
Hope this helps !!!
04-18-2021 06:27 PM
The ERS Admin and ERS Operator groups have no Menu Access Permissions (and cannot be customised) so admin users associated with these groups cannot login to the GUI.
There is currently no full RBAC functionality for the REST API to limit access to ERS admins/operators. Although we cannot discuss roadmap on this forum, it is likely that future versions of ISE will provide feature enhancements around RBAC for the REST API.
04-18-2021 11:06 PM
Thank you for the information Greg
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide