AAA, NAC, Guest Access & BYOD

How to edit Admin Privileges on CPPM to access Clearpass dashboard and access tracker

Aruba Employee
Requirement:

I have a custom requirement to hide all the config tabs from a help desk user and allow him to access Clearpass dashboard and access tracker tabs.



Solution:

This can be achieved as follows:

 

We can edit the Admin Privileges under "Administration » Users and Privileges » Admin Privileges".

 

 



Configuration:

Login to Clearpass and navigate to "Administration » Users and Privileges » Admin Privileges".

Export the default Help-desk XML.

 

Open the XML in any XML editor.

 

The default contents are as below.

 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
  <TipsHeader exportTime="Mon Jun 15 09:22:01 IST 2015" version="6.5"/>
  <AdminPrivileges>
    <AdminPrivilege allowPasswords="true" accessType="FULL" name="Help Desk" description="A help desk person logs in to troubleshoot problems reported by end users">
      <AdminTask taskid="mon.li.ag">
        <AdminTaskAction type="RWD"/>
      </AdminTask>
      <AdminTask taskid="mon.li.ad">
        <AdminTaskAction type="RWD"/>
      </AdminTask>
      <AdminTask taskid="mon.li.ac">
        <AdminTaskAction type="RWD"/>
      </AdminTask>
      <AdminTask taskid="mon.li.sp">
        <AdminTaskAction type="RWD"/>
      </AdminTask>
      <AdminTask taskid="mon.li.sy">
        <AdminTaskAction type="RWD"/>
      </AdminTask>
    </AdminPrivilege>
  </AdminPrivileges>
</TipsContents>

We can edit the contents as below and upload the import same file.

 

 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
  <TipsHeader exportTime="Mon Jun 15 09:22:01 IST 2015" version="6.5"/>
  <AdminPrivileges>
    <AdminPrivilege allowPasswords="true" accessType="FULL" name="Help Desk" description="A help desk person logs in to troubleshoot problems reported by end users">
      <AdminTask taskid="mon.li.ag">
        <AdminTaskAction type="RWD"/>
      </AdminTask>
      <AdminTask taskid="mon.li.ad">
        <AdminTaskAction type="RWD"/>
      </AdminTask>
      <AdminTask taskid="mon.li.ac">
        <AdminTaskAction type="RWD"/>
      </AdminTask>
      <AdminTask taskid="mon.li.sp">
        <AdminTaskAction type="RWD"/>
      </AdminTask>
      <AdminTask taskid="dnd">
        <AdminTaskAction type="RWD"/>
      </AdminTask

      <AdminTask taskid="mon.li.sy">
        <AdminTaskAction type="RWD"/>
      </AdminTask>
    </AdminPrivilege>
  </AdminPrivileges>
</TipsContents>

 

We have only added the below lines to the default XML.

 

 <AdminTask taskid="dnd">
        <AdminTaskAction type="RWD"/>
      </AdminTask

 

This allows visibility to the dashboard tab of CPPM to the custom user.

 



Verification

Login via the new role and you would see that only the dashboard and access tracker tab is visible for the custom user. This user will not have visibility to any other tabs of CPPM.

 

The attached file can be used. It will add a new role named "Help Desk Custom"

 


Attachments:
AdminPrivileges-custom-help-desk.xml
Version history
Revision #:
2 of 2
Last update:
‎06-16-2015 01:05 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.