Right now I have a 3-node ACS 5.4 (soon to be 5.5) installation which provides network device authentication to a single business unit's routers/switches/etc. The cluster has the large-site and advanced logging/monitoring licenses.
Now, after running it solely within my business unit for a number of years, various groups in the corporate hierarchy outside my business unit have expressed interest in leveraging our investment to authenticate other kinds of devices controlled by different administrator groups, but a sticking point is the inability to restrict ACS administrators beyond which sections of the GUI they can interact with. Because all the different groups are separate administrative entities, there is good reason to want that kind of restriction.
Is there any way in ACS to restrict an administrator's access more granularly than GUI elements? For example, Administrator A should only be able to perform CRUD operations on device group Y, while Administrator B should only be able to perform CRUD operations on device group Z. If not in ACS, is it possible in ISE? Device groups are the only things really impacted by this; most of the rest can be worked out politically.
I will mention that I am not really interested in using the REST APIs to create my own front-end unless that really is the only way.