Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
306
Views
0
Helpful
1
Replies

roll based access control

Go to solution
darnorri
Cisco Employee
Cisco Employee

‎04-12-2019 08:14 AM

got this question from a customer

 

Is there a way to restrict an ISE Admin to maintaining policy for certain Identity Groups?

 

Any help would be greatly appreciated.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎04-12-2019 10:29 AM

As far as I know you cannot accomplish that scenario. As far as Authorization permissions for RBACL it is broken down by Menu and Data access. In the Menu access you can either Show or Hide all policy sets. However, you can grant RBACL for the admins to only manage their specific identity groups via specific configuration under Data access. That would be similar to modifying the Policy Admin Data Access role. HTH!

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎04-12-2019 10:29 AM

As far as I know you cannot accomplish that scenario. As far as Authorization permissions for RBACL it is broken down by Menu and Data access. In the Menu access you can either Show or Hide all policy sets. However, you can grant RBACL for the admins to only manage their specific identity groups via specific configuration under Data access. That would be similar to modifying the Policy Admin Data Access role. HTH!
0 Helpful
Customers Also Viewed These Support Documents