04-05-2017 03:55 AM
I have looked into creating a stripped down low privilege account on clearpass for users to be able to login and only have access to download any reports that have been previously generated.
I dont want users to be able to change anything. I plan to setup the automatic generation of reports and then email the pdf report to a specified email address but then give users access to be able to login and download the csv if required.
Is this possible?
04-10-2017 12:56 AM - edited 04-10-2017 12:58 AM
You need to create operator profile with Clearpass Insight read only access. Then you need to create TACACS based enforcement profile as below
Privilege Level: 0
Selected Service : cpass:HTTP
Type : cpass:HTTP
Name : AdminPrivilege
Value : Insight_Read_Only ( Operator Profile Name)
Finally you need to create policy condition for this enforcement profile in Admin Network Policy Login.