Security

Reply
Guru Elite

Re: One group of users accessing multiple mactrac pages

Enforcements should always be first match.


Thanks,
Tim

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor II

Re: One group of users accessing multiple mactrac pages

Did you create 2 separate operator roles? role1 and role2?  

role1 linked to page1 and role2 linked to page2. 

Guru Elite

Re: One group of users accessing multiple mactrac pages

Yes. You should have an operator profile for each variation of the UI (forms, permissions, enabled features)


Thanks,
Tim

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor II

Re: One group of users accessing multiple mactrac pages

In your translation rules, what is your per role "fallthrough"? "Continue translation if rule matches"? 

or stop? 

Guru Elite

Re: One group of users accessing multiple mactrac pages

I have an exact attribute match rule. No per role rules.


Thanks,
Tim

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor II

Re: One group of users accessing multiple mactrac pages

This is the difference in your setup.

 

So how its exacly defined? In Translation Rule? or in expression? 

Contributor II

Re: One group of users accessing multiple mactrac pages

Does your setup looks like:

 

attribute: admin_privileges equal CPG-Operator-Profile-Name,

on match assign "fixed operator profile" ..operator role1? 

Contributor II

Re: One group of users accessing multiple mactrac pages

 

Still clearpass mactrac can't provide access to multiple pages from same user. 

 

Unless clearpass software developer will fix this problem. 

Guru Elite

Re: One group of users accessing multiple mactrac pages

cppm-cpg.JPG


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
MVP Expert

Re: One group of users accessing multiple mactrac pages

Hello wireless_network10

 

I'm struggling to understand what you really want to achieve here. Tim is giving you solutions, but as far as I can tell you are not talking about the same things..

 

1. Do you want user1@domain.com to be able to access a single mac-trac pages during a single login?

OR

2. Do you want user1@domain.com to access mac-trac-page1 AND mac-trac-page2 during a single login?

OR

3. Do you want user1@domain.com to only reach mac-trac-page1 and user2@domain.com to only reach mac-trac-page2?

OR

4. Combination of 2 and 3 - different users reach multiple mac-trac-pages during a single login.

 

 

If a combination or none of the above - please formulate your requirement with what you want to achive - not HOW you are trying to achieve it..

 

Looking forward to the challenge..


Regards
John Solberg

-ACMX #316 :: ACCX #902 :: ACSA
Aruba Partner Ambassador
Intelecom/NetNordic - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: