
Read Only Web Access to ISE Nodes

rmujeeb81
Level 1

Hi All,

How can we create a Read Only account for web access of Cisco ISE nodes? I created a new username with the 'user' role but am not able to log in to the admin web page.

Thanks & Regards,

Mujeeb

Accepted Solutions

Muhammad Munir
Level 5

RBAC policies determine if an administrator can be granted a specific type of access to a menu item or other identity group data elements. You can grant or deny access to a menu item or identity group data element to an administrator based on the admin group by using RBAC policies. When administrators log in to the Admin portal, they can access menus and data that are based on the policies and permissions defined for the admin groups with which they are associated.

RBAC policies map admin groups to menu access and data access permissions. For example, you can prevent a network administrator from viewing the Admin Access operations menu and the policy data elements. This can be achieved by creating a custom RBAC policy for the admin group with which the network administrator is associated.

Cisco ISE allows you to create custom menu access permissions that you can map to an RBAC policy. Depending on the role of the administrators, you can allow them to access only specific menu options.

Step 1 Choose Administration > System > Admin Access > Authorization > Permissions > Menu Access.

Step 2 Click Add, and enter values for the Name and Description fields.

Step 3 Click to expand the menu item up to the desired level, and click the menu item(s) on which you want to create permissions.

Step 4 In the Permissions for Menu Access area, click Show.

Step 5 Click Submit.


5 Replies

Venkatesh Attuluri
Cisco Employee

Cisco ISE allows you to define role-based access control (RBAC) policies that allow or deny certain system-operation permissions to an administrator. These RBAC policies are defined based on the identity of individual administrators or the admin group to which they belong.

Review the following link for more info on this:

http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_man_admin.html

Hi Munir,

Thanks for your response. The above steps will satisfy the requirement if I want to hide or show some menu options for a specific admin user.

But my requirement is to provide 'Read Only Access' to all menu options, e.g. Operations, Policy, Administration etc., meaning that the specific admin user can see all menu options and configurations but should not be able to modify/delete any configuration item.

So kindly guide me on how I can achieve this?

Thanks & Regards,

Mujeeb

Hello Mujeeb

Thanks for your response. Given below is some information regarding permission, so try this one:

Permissions are assigned to admin groups by way of a policy rule table

Step 1: Examine these policies under Administration > System > Admin Access > Policies

Note: There are two types of permission – one based on menu access and the other based on data access

Examine and upgrade these types of permissions as per your requirement under

Administration > System > Admin Access > Permissions

Hello, I'm running version 3.3 and you can achieve your request directly in the following:

Step 1 Choose Administration > System > Admin Access > Administrator > Admin User

Step 2 Choose Add new Administrator

Step 3 Flag Read-Only for this user.

In this case you can have an admin without any change possibility.

Thanks