We are running an PIX 515 and we use a Cisco ACS 1113 server as our tacacs server for authentication (TACACS). Our department head has decided that he would like our help desk folks to have access to our PIX via PDM so they may be able to view rules in place as well as some other monitoring functions. They can access the PIX via PDM but the issue is that they are at full enable 15 privilege. I need to know if there is a way to give them access to the firewall via PDM with read only permissions or if there would be a way to setup some sort of PIX command authorization with the ACS server so that they cannot make major configuration changes but still permit the senior members of the team the ability to make the changes. If anybody knows if there is any way to limit permissions available to folks via PDM and can either let me know how or point me to the proper documentation I would appreciate it. Thanks in advance.
I have this problem too.