Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Can you partition the user database in ClearPass with different admin for each?

  • 1.  Can you partition the user database in ClearPass with different admin for each?

    Posted Oct 20, 2016 05:03 AM

    I have a customer who needs to provide a multi-tenant WLAN solution in their managed office building.  Can we partition the ClearPass user database and allow a 'tenant admin' access only to 'their' partition of the user database?



  • 2.  RE: Can you partition the user database in ClearPass with different admin for each?

    EMPLOYEE
    Posted Oct 20, 2016 05:06 AM
    For local user accounts, no you cannot.

    For guest user accounts, you can use operator profiles to limit users to seeing accounts created by the same operator profile.


  • 3.  RE: Can you partition the user database in ClearPass with different admin for each?

    Posted Oct 20, 2016 05:11 AM

    OK, thanks for the prompt reply, as always, Tim - as we need to offer secure (802.1x + encrypted) access, I don't think Guest will cut the mustard here.  Perhaps we could use OnBoard, with sponsor-checked access to the OB process?  (there's no guarantee that the tenants will have an AD against which to check user credentials) -  I.e. depending on who approves your OB request determines what access policy you are assigned..?



  • 4.  RE: Can you partition the user database in ClearPass with different admin for each?

    EMPLOYEE
    Posted Oct 20, 2016 05:14 AM
    At first glance, that could work but it will be clunky. ClearPass isn't really designed to be truly multi-tenant from an admin standpoint.


  • 5.  RE: Can you partition the user database in ClearPass with different admin for each?

    EMPLOYEE
    Posted Oct 20, 2016 05:08 AM

    Not possible, though great idea.

     

    Similarly, the ability to restrict admin users to only see events/endpoints related to their particular services would be neat.  Sadly that is not possible also. :-(



  • 6.  RE: Can you partition the user database in ClearPass with different admin for each?

    Posted Oct 20, 2016 05:18 AM

    Many thanks for your reply too, Michael - glad to see you and Tim agree!