Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1106
Views
0
Helpful
1
Replies

RBAC in ISE 2.2

Go to solution
Thomas Schmitt
Level 1
Level 1

‎11-24-2017 01:38 AM

Hello,

I have some trouble with RBAC on ISE 2.2.0.470 and I hope somebody can clarify this.

I need different Network Device Admin groups for different locations. For example Network Device Admin from France should be able to see and edit Network Devices with location France (my own tag) and an admin from Poland should be able to see and edit all devices from Poland.

so I created different admin user groups  and mapped them with RBAC Policy to default "Network Device Menu Access" view and custom Data groups for different locations, so far it works. But now I have some issues with data access. It doesn't matter which Data Access Privileges I give - users can see all devices or none.

Here is an example for admin user for Poland. in Data Access Permissions only location "Poland" has "Full Access", all other "no Access". But the user is able to see also all other locations.

permissions_ise.png

RBAC Policy.png

poland.PNG

As You can see, the user is also able to see all other locations.

What could be my problem?

0 Helpful
1 Accepted Solution

Accepted Solutions
1 Reply 1

Go to solution
hslai
Cisco Employee
Cisco Employee

‎11-26-2017 02:36 PM

See my response @ How to segregate device admin access to a device group on ISE

0 Helpful
Customers Also Viewed These Support Documents