Radius privilege levels

mikedelafield
Level 1

Hi, I am struggling with getting my Cisco ASA to enforce privilege levels for users who authenticate to ASDM via RADIUS.

I am sending back the Priv-lvl=5 attribute, but all users connecting to ASDM get level 15 no matter what.

Any ideas?

4 Replies

suschoud
Cisco Employee

Do you have:

aaa authentication http console LOCAL

LOCAL is needed if you want fallback authentication in case the RADIUS server is unavailable.

Do rate helpful posts.

Regards,

Sushil

I already have aaa authentication http console LOCAL set.

The problem is that every authenticated user gets priv 15.

You can use the following commands to set the privilege level of specific commands. Next, if you create a username with:

-> 3 = Privilege < 5: Can only "monitor" the device, or can only run commands set at privilege level 3 (refer to the commands below).

-> 5 = Privilege < 15: Can only "see configuration settings"; refer to the additional commands at level 5 below.

-> Privilege = 15: Complete access to the device.

Note: The privilege level of all other commands not mentioned below is 15 by default; exceptions are commands like "help".

CHECK IF THE COMMAND BELOW IS PRESENT:

aaa authorization command

(MAKE SURE YOU HAVE AN ALTERNATE SESSION OPEN WHILE YOU SET AUTHORIZATION FOR COMMANDS TO AVOID A LOCKOUT.)

Regards,

Sushil

I know how to do this with local usernames; the problem is using RADIUS for authentication.

The Cisco AV Pair Priv-Lvl attribute doesn't seem to work or be adhered to by ASDM.
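The configuration below is an added example for this thread, not something posted by either participant. It pairs the local command-privilege setup described in the second reply with the RADIUS-side piece the last reply asks about. Everything in it is hypothetical: the server-group name RADIUS-MGMT, the address 192.0.2.10, the shared secret, the usernames and passwords, and the specific show commands lowered below level 15. Two points it assumes that the thread itself never states: first, the ASA only applies a privilege level returned by the AAA server when management authorization is enabled with "aaa authorization exec authentication-server"; without that line every successful login lands at level 15 regardless of what the server sends, which matches the symptom in the original post. Second, the RADIUS server side is shown as a FreeRADIUS "users" entry returning the ASA's own vendor-3076 Privilege-Level VSA (named ASA-Privilege-Level in the FreeRADIUS dictionary.cisco.asa file) together with Service-Type Administrative-User; which attributes a given ASA release honours should be checked against that release's supported RADIUS attribute table, since the Cisco-AVPair "shell:priv-lvl" form from the original post is an IOS-style attribute.

```text
! ---- Cisco ASA (hypothetical names, addresses and secrets) ----
aaa-server RADIUS-MGMT protocol radius
aaa-server RADIUS-MGMT (inside) host 192.0.2.10
 key ExampleSharedSecret
!
! Management logins try RADIUS first and fall back to LOCAL only when
! the server group is unreachable (not when it rejects the user).
aaa authentication http console RADIUS-MGMT LOCAL
aaa authentication ssh console RADIUS-MGMT LOCAL
aaa authentication enable console RADIUS-MGMT LOCAL
!
! Management authorization: take the privilege level (and Service-Type)
! from the authenticating server instead of defaulting to 15.
! Assumed to be the missing piece behind the symptom in this thread.
aaa authorization exec authentication-server
!
! A privilege level is only a number until command authorization is on.
! LOCAL here means the ASA compares the session's level against the
! per-command levels configured with "privilege"; every command not
! listed stays at 15.
aaa authorization command LOCAL
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command version
privilege show level 5 mode exec command running-config
privilege show level 5 mode exec command access-list
!
! Local fallback account so a RADIUS outage cannot lock you out.
username localadmin password ExampleLocalP@ss privilege 15

# ---- FreeRADIUS "users" file (constructed entry, same hypothetical user) ----
# Requires dictionary.cisco.asa to be included so ASA-Privilege-Level resolves.
# Service-Type Administrative-User permits management login; the ASA VSA
# carries the level the ASA applies once "aaa authorization exec
# authentication-server" is configured.
monitor-ops   Cleartext-Password := "ExampleUserP@ss"
              Service-Type = Administrative-User,
              ASA-Privilege-Level = 5
```

Keep a second, already-authenticated session open while adding the authorization lines, as the reply above warns. To verify from a test login, run "show curpriv" on the CLI: it prints the privilege level the ASA actually assigned to the session, which separates "the server never sent the attribute" from "the ASA ignored it". ASDM issues CLI commands on the user's behalf, so a user whose session sits at level 5 with this command set can read the running configuration but is refused on configuration commands.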
