I currently have an ACS Appliance performing TACACS authentication for my network devices. I have a few user groups in there to assign access to certain devices and at certain privilege levels. One of the groups allows the user to authenticate to any network device, but only with a max privilege level of 1.
When these users log into my ASAs, they are unable to go into enable mode, which is good. But when they log into the ASA via ASDM, they can perform changes and write them to flash.
The ASDM reports they are logged in at privilege level 15.
Has anyone else noticed a similar issue? If so, were you able to mitigate it?