- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-30-2018 08:33 AM
Hi dev team,
Now my customer is considering specific admin user can access only some specific network user group.
It could be achieved by admin authorization policy. (Administration -> Authorization -> Policy).
It does work as expected, but when we tried to configure same user group via ERS API, we faced un-authorized error. Do we need special configuration for restrict data area via ERS API access?
Solved! Go to Solution.
- Labels:
-
Identity Services Engine (ISE)
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-31-2018 04:22 PM
Prerequisites for Using the External RESTful Services API Calls says,
- You must have External RESTful Services Admin privileges.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-30-2018 09:25 AM
ERS API does not follow the same RBAC as those used in ISE admin web UI. I believe you need to discuss this requirement with our PM team and raise it as an enhancement.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-30-2018 04:02 PM
I see. Thanks. Actually I & my customer didn't notice the implementation during design session for admin access.
I hope the behavior is documented on admin access section on ISE guides.
- ISE guides: Admin Access Policies
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_0101.html
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-31-2018 04:22 PM
Prerequisites for Using the External RESTful Services API Calls says,
- You must have External RESTful Services Admin privileges.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-11-2018 05:56 PM
