Hi Craighowson,
You need to create operator profile with Clearpass Insight read only access. Then you need to create TACACS based enforcement profile as below
Privilege Level: 0
Selected Service : cpass:HTTP
Service Attributes
Type : cpass:HTTP
Name : AdminPrivilege
Value : Insight_Read_Only ( Operator Profile Name)
Finally you need to create policy condition for this enforcement profile in Admin Network Policy Login.
Regards,
Milind Yashwantrao