Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2326
Views
5
Helpful
1
Replies

ISE Read Only admin with limited visibility not working properly

joseaperez
Level 1
Level 1

‎12-30-2020 01:13 PM

i was asked to create an admin group that only have access to certain menu access and RO permissions, but when i create a new policy in the admin access, even if i use the "read only admin data access" in the policy, the users can modify the dACL

 

Why is that? is there something that i missed? 

 

i also tried that in an VM with eval license and the result was the Same

 

PD: if i change the "menu Access" from the default Read Only account, i can succesfully achieve the RO account with limited visibility, but it's not my goal, i want multiple RO groups with different menu access and the only fully RO Grups is the default when you click the read only checkbox in the admin User menu

Labels:
Preview file
38 KB
Preview file
31 KB
Preview file
27 KB
Preview file
78 KB
Preview file
35 KB
1 Reply 1

Marcelo Morais
VIP
VIP

‎02-12-2021 09:49 AM

Hi @joseaperez 

 please check the following bugs:

CSCvb55884 ISE RBAC Network Device Type/Location View not working

CSCvw90961 RBAC rules not enforced in 2.7

 

Hope this helps !!!

0 Helpful
Customers Also Viewed These Support Documents