06-17-2008 01:33 AM - edited 03-09-2019 08:55 PM
Hi All,
ASA running 7.2(2) and ASDM 5.2(2)
We have a need to have restricted access to an ASA for certain staff so that they would essentially only have read access to the firewall.
When they log in with their account on the initial screen it goes through fine. However when the applet appears with the dashboard it is just continuous prompts for authentication.
Obviously this isn't a username/password issue, and I believe it is the privilege level assigned to them (and certain commands). Also when using our privilege 15 account it is all fine so this isn't a Java version issue or anything like that.
What are the required commands to allow READ-only access to the ASDM? I tried searching through some documentation but haven't been able to find anything yet...
Thanks
06-17-2008 06:52 AM
To set up command authorization for ASDM to a TACACS server, there is a set of commands that are required in order to give read only access for ASDM. For a user that has read-only privilege, you need to ensure that they are allowed to execute this set of commands.
In order to see what commands these are, there is a feature which actually moves a series of commands to Read Only privilege 5 ASDM access, as well as a series of commands to Monitor Only privilege 3 ASDM access. Currently, logging in with a user of privilege 15, navigate to Configuration > Device Administration > AAA Access > Authorization.
There is a button "Predefined User Account Privilege". If you select this and apply this, it will show a series of commands that would be lowered to allow Read Only or Monitor Only privilege. Read Only users would need all commands that are to be set at privilege 5 or lower in order to work effectively.
Regards,
~JG
Do rate helpful posts
06-17-2008 03:44 PM
Hi JG,
Thanks however when I make the username priv 5 the same thing happens. I suspect that this is because we have changed certain commands to various privilege levels (6 for example).
Also this is just local AAA, not going to a TACACS server.
That is why it is the actual required commands that I am after, or any other suggestions as to what may be causing the problem.
We have confirmed it is not the computer itself (browser, java, etc) by logging in with a priv 15 account.
06-18-2008 05:37 AM
Yes, this could be due to the fact you have changed the privilege level of commands.
Regards,
~JG
Do rate helpful posts
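An added example, not posted by anyone in this thread: a small audit that reads `username` and `privilege` lines from an ASA running configuration and lists every command whose configured level is above a given user's privilege, which is the mismatch suspected above (a privilege 5 user, commands moved to level 6). The configuration lines are constructed for illustration, the function names are hypothetical, and the script assumes local command authorization is what enforces the levels.

```python
import re

# Constructed sample of ASA running-config lines (not taken from the thread).
SAMPLE_CONFIG = """\
username readonly password CONSTRUCTED encrypted privilege 5
username admin password CONSTRUCTED encrypted privilege 15
privilege show level 5 mode exec command running-config
privilege show level 6 mode exec command version
privilege cmd level 6 mode exec command dir
privilege show level 3 mode exec command interface
privilege show level 5 mode configure command aaa
"""

# privilege [show|clear|cmd|configure] level N [mode M] command NAME
PRIV_RE = re.compile(
    r"^privilege\s+(?:(show|clear|cmd|configure)\s+)?level\s+(\d+)"
    r"(?:\s+mode\s+(\S+))?\s+command\s+(.+?)\s*$")
# username NAME ... privilege N
USER_RE = re.compile(r"^username\s+(\S+)\s+.*\bprivilege\s+(\d+)\s*$")


def parse(config):
    """Return ({user: level}, [(form, mode, command, level), ...])."""
    users, commands = {}, []
    for raw in config.splitlines():
        line = raw.strip()
        m = USER_RE.match(line)
        if m:
            users[m.group(1)] = int(m.group(2))
            continue
        m = PRIV_RE.match(line)
        if m:
            form, level, mode, cmd = m.groups()
            commands.append((form or "all", mode or "any", cmd, int(level)))
    return users, commands


def blocked_for(config, username):
    """Commands explicitly set above the user's privilege level."""
    users, commands = parse(config)
    if username not in users:
        raise KeyError(f"no 'username {username} ... privilege N' line found")
    level = users[username]
    return sorted(c for c in commands if c[3] > level)


if __name__ == "__main__":
    for form, mode, cmd, level in blocked_for(SAMPLE_CONFIG, "readonly"):
        print(f"level {level}: {form} {cmd} (mode {mode})")
```

Any command it reports can then be compared against the list ASDM shows under "Predefined User Account Privilege" for the Read Only level.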