cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
949
Views
0
Helpful
1
Replies

RBAC in ISE 2.2

Thomas Schmitt
Level 1
Level 1

Hello,

I have some trouble with RBAC on ISE 2.2.0.470 and I hope somebody can clarify this.

I need different Network Device Admin groups for different locations. For example Network Device Admin from France should be able to see and edit Network Devices with location France (my own tag) and an admin from Poland should be able to see and edit all devices from Poland.

so I created different admin user groups  and mapped them with RBAC Policy to default "Network Device Menu Access" view and custom Data groups for different locations, so far it works. But now I have some issues with data access. It doesn't matter which Data Access Privileges I give - users can see all devices or none.

Here is an example for admin user for Poland. in Data Access Permissions only location "Poland" has "Full Access", all other "no Access". But the user is able to see also all other locations.

permissions_ise.png

RBAC Policy.png

poland.PNG

As You can see, the user is also able to see all other locations.

What could be my problem?

1 Accepted Solution

Accepted Solutions
1 Reply 1

hslai
Cisco Employee
Cisco Employee
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: