View Only
last person joined: 3 days ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Role selection not working in "Create Device"

This thread has been viewed 18 times
  • 1.  Role selection not working in "Create Device"

    Posted Dec 27, 2021 04:45 AM
    We're trying to give our help desk the option to add devices to different roles in Guest. If we just enable role_id and change it to dropdown menu, user can see the roles he has access to but selecting the role doesn't change anything. All the users are created with the ID specified as the default role.

    Also tried to create new field "role_name" that's using NwaGuestMAnagerGenerateRoleList2 and that can too find all the roles. But how is this supposed to write the role_id to what users selects?

    Are there any documentation explaining how this should work or do you have any tips how this should be configured?

    Edit: seems I was editin mactrac form. Started over and it seems to be mac_create form that's used by default. After creating a clone of this, seems to be working OK now... have to check how the form is made. But good documentation for this wouldn't hurt :)

  • 2.  RE: Role selection not working in "Create Device"

    Posted Dec 27, 2021 02:46 PM
    Make sure the roles are enabled in the operator profile for that set of users.

    Tim C

  • 3.  RE: Role selection not working in "Create Device"

    Posted Dec 28, 2021 09:09 AM
    I think you shoud create the roles in Policy Manager, edit de Defautl Guest role mapping, add the roles there with a role id (they will appear in the selection in guest later) and then make sure, like timms said, that the roles are enabled to be used in the operator profile. This works in Clearpass 6.8 and later.

    Ulises Cazares

  • 4.  RE: Role selection not working in "Create Device"

    Posted Dec 28, 2021 09:20 AM
    I had the correct roles there on the dropdown menu, those which operator profile had access. However no matter what I selected, default value was used (I used 4 as default [Guest] wasn't allowed). I had three different roles allowed, they could be seen from the menu where you add devices, but no matter what I selected it was always the same role.

    Edit: OK I went through all the settings and I had "Force Value" enabled in the advanced settings. I though if I had any advanced settings configured it was shown and otherwise they would be all default values... that makes sense now.