Security

Pretty confused as to why the /tips endpoint repository and the /guest device database are separate.

I have a request from a customer to have an operator profile that allows removal of devices. We're currently allowing a limit on the number of devices a user may bring on the network. Unfortunatally its the /tips endpoint repository that's used to get this working. 

And I don't know of a way to allow operators access to just that bit.

Something like this would be easy if we could use the /guest device database  for this.

Is there a way to achieve what is requested here? Or am I missing something obvious here?

Please download the CPPM 6.2 policy manager User Guide and search for "custom admin privileges"

Here is the custom role we use for our Help Desk.

This allows access to the following:

MONITORING

  Live Monitoring:

     - Access Tracker

     - Analysis & Trending

     - Endpoint Profiler

CONFIGURATION

  Identity:

     - Endpoints

     - Guest Users

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
  <TipsHeader exportTime="Wed Jan 08 14:55:46 EST 2014" version="6.2"/>
  <AdminPrivileges>
    <AdminPrivilege allowPasswords="true" accessType="FULL" name="Brandeis-HelpDesk" description="Role for Brandeis help desk">
      <AdminTask taskid="mon.li.ep">
        <AdminTaskAction type="RWD"/>
      </AdminTask>
      <AdminTask taskid="con.id.ep">
        <AdminTaskAction type="RWD"/>
      </AdminTask>
	  <AdminTask taskid="con.id.gu">
        <AdminTaskAction type="RWD"/>
      </AdminTask>
      <AdminTask taskid="mon.li.ad">
        <AdminTaskAction type="RWD"/>
      </AdminTask>
      <AdminTask taskid="mon.li.sp">
        <AdminTaskAction type="RWD"/>
      </AdminTask>
    </AdminPrivilege>
  </AdminPrivileges>
</TipsContents>

Guess I did miss the obvious on this one. :smileyembarrassed:

thanks for the pointer but  I guess I'll have to check it out tomorrow Colin.

Currently ClearPass Policy Manager 6.2 User Guide from support site link goes here: https://d1x3hnhct7p62q.cloudfront.net/SupportSite/ProductionFiles/6265d2a4-9565-4e7d-8b3c-f7d6487e6e1f/Aruba_CPPM_User_Guide.pdf?Expires=1389212317&Signature=I7OGedJxllWUuUi7iZgFc0GSQEG1KuvZA5S~QcPoJodnp~n8ce0Ka6tPugsXhkJy~86IFZFCn3NsGCJI4ktaGuVg0b3IWjqw2TCgV-nO~oWCklqNkhGpeqTOBOKePCvlISmBY5-Gc~t8eDfaxsqTcR2ccJ1v4tUz5OhoDUo99oQq6cl0zwrwcIUw287DfIUEpFxWnjvAQ9PtFWWkWd6ZZrhoR0G4lnsDhsQ913pd0zwjBrntlCuNSRi0dEu5TBPuSq2H1~~AAs8VNV7c738C7tMW~qFTTTWFcYt8UBNZ800rtGyp~KX57qzTsVe1fUziFf0ZfrkECiqKO6zeEAPQvg__&Key-Pair-Id=APKAIA2CDKVYCRBEJEMA

and gives me:

http://support.arubanetworks.com/DOCUMENTATION/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=11862

Please try that link above.

Same redirect to cloudfront and an access denied xml error.

No worries, I'll check it out tomorrow at work.

For those running into the same download issues:  these were caused by my HTTPS Everywhere plugin.

It forced the cloudfront.net link that housed the actual files to use https and apparently it didn't like that.