Look in access tracker and make sure you are returning the correct user-role from ClearPass and if the correct user-role is being sent then verify that are using the necessary ACLs under the user-role
You can run the show user-role | include to validate what role the device is getting
Then run the show rights to see the level of access under the device role
Thank you
Victor Fabian
Pardon typos sent from Mobile