I would like to restrict 'config t' to user privilege level 5.
Currently when I do 'sh run all privlege level all | i command configure'
I can see the below
privilege cmd level 15 mode exec command configure
which I believe means only level 15 can do a config t. But even when the enable level is '5', I can enter config t and have all the change entries available.
We are not using TACAS+. The complete AAA configuration in ASA is only the following
aaa authentication ssh console LOCAL
aaa authentication serial console LOCAL
aaa authentication http console LOCAL
Also, if I like to permit all show commands at a certain level, do I have to explicitly permit every show command to level 5 or is there any wild card i.e. to permit all 'show' commands within user/privileged mode to a particular level.