Privilege levels and ASDM requirements for read-only access

cameron.moody
Level 1
Level 1

Hi All,

ASA running 7.2(2) and ASDM 5.2(2)

We have a need to have restricted access to an ASA for certain staff so that they would essentially only have read access to the firewall.

When they log in with their account on the initial screen it goes through fine. However, when the applet appears with the dashboard it is just continuous prompts for authentication.

Obviously this isn't a username/password issue, and I believe it is the privilege level assigned to them (and certain commands). Also, when using our privilege 15 account it is all fine, so this isn't a Java version issue or anything like that.

What are the required commands to allow READ-only access to the ASDM? I tried searching through some documentation but haven't been able to find anything yet...

Thanks

3 Replies

Jagdeep Gambhir
Level 10
Level 10

To set up command authorization for ASDM to a TACACS server, there is a set of commands that are required in order to give read-only access for ASDM. For a user that has read-only privilege, you need to ensure that they are allowed to execute this set of commands.

In order to see what commands these are, there is a feature which actually moves a series of commands to Read Only privilege 5 ASDM access, as well as a series of commands to Monitor Only privilege 3 ASDM access. Currently, logging in with a user of privilege 15, navigate to Configuration > Device Administration > AAA Access > Authorization.

There is a button "Predefined User Account Privilege". If you select this and apply it, it will show a series of commands that would be lowered to allow Read Only or Monitor Only privilege. Read Only users would need all commands that are set at privilege 5 or lower in order to work effectively.

Regards,

~JG

Do rate helpful posts

Hi JG,

Thanks however when I make the username priv 5 the same thing happens. I suspect that this is because we have changed certain commands to various privilege levels (6 for example).

Also this is just local AAA, not going to a TACACS server.

That is why it is the actual required commands that I am after, or any other suggestions as to what may be causing the problem.

We have confirmed it is not the computer itself (browser, java, etc) by logging in with a priv 15 account.

Yes, this could be due to the fact you have changed the privilege level of commands.

Regards,

~JG

Do rate helpful posts
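The mechanism JG describes (commands lowered to privilege 5 for a read-only ASDM user, local AAA with command authorization) and the follow-up about commands raised to level 6, as an added configuration sketch that is not from this thread or from Cisco's predefined list. The `show` commands lowered here are illustrative assumptions; the complete set comes from the "Predefined User Account Privilege" button, and anything ASDM runs at login that sits above level 5 will produce the repeated authentication prompts described above.

```cisco
! Local AAA for ASDM (HTTPS) and for enable, so the user's own
! privilege level (not 15) is used once the applet loads.
aaa authentication http console LOCAL
aaa authentication enable console LOCAL
! Command authorization against the local privilege table.
aaa authorization command LOCAL
!
! Read-only operator: privilege 5 means any command whose level
! is 5 or lower is authorized, anything at 6 or above is denied.
username ro-ops password <placeholder-password> privilege 5
!
! Illustrative subset of what the predefined Read Only profile
! lowers to level 5 (assumed; use the ASDM button for the real list).
privilege show level 5 mode exec command running-config
privilege show level 5 mode exec command version
privilege show level 5 mode exec command interface
privilege show level 5 mode exec command logging
!
! The poster's failure mode: a command raised to level 6 (here as an
! example) is hidden from a privilege-5 user. If ASDM issues it at
! startup, the applet re-prompts for credentials. Lower it back to
! 5 or put the read-only user at a level at or above it.
! privilege show level 6 mode exec command access-list
!
! Checks: what level the current session holds, and every command
! currently placed at level 5 (defaults included with "all").
! show curpriv
! show running-config all privilege level 5
```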
