We started to explore user certificates with eap-tls as an option for devices that clients don't want their username/pw stored on. The issue has came up that these devices would have access to the clients' personal airgroup devices, which may or may not be desired. These eap-tls devices are in different roles, but I would need a sharing option to limit airgroup access to a Username AND Role, not just Username or Role. Any thoughts?
thanks
mike