Using ACS for command authorization

Unanswered Question
Nov 19th, 2008
User Badges:

I've setup my ASA for this and it works as it should, the restricted user can only run the commands I put into the command set in ACS.

However this is fine on telnet/SSH but when using ASDM the restricted account has level 15 access and is able to change things.

Can you use ACS to give a view only account on an ASA when using ASDM?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
aiftikhar Wed, 11/19/2008 - 19:15
User Badges:

Not sure which version of ACS you 're running. Please check admin control and see if users are defined there with high privilege. I may be looking at a different direction altogether.

Chris Green Thu, 11/20/2008 - 00:49
User Badges:

thanks for the reply, I actually resolved it by watching the logs and seeing what ASDM needed, in the end had to add permit to the session command and also permit write net

this worked and gives the restricted user view only access to the config etc and also view only in ASDM.


This Discussion