I have an admin user located at a remote site that will be connecting to my networks via VPN. He requires only read access to my switches, routers & firewall. Currently we connect to the devices on the network after authentication using AAA. I have a Windows 2003 Server running IAS Radius (Standard) that provides AAA.
How can I restrict his access once connected to the devices to read-only.