User Account permissions in ASDM

marioderosa2008
Level 1

Can you configure user account permissions that apply to the ASDM interface from the CLI? For instance, I need to give someone read-only access to the ASDM so they can view but cannot make changes to the config.

Can this be done using the CLI?

Mario


9 Replies

Panos Kampanakis
Cisco Employee

Yes, that is done using priv level 5.

ASDM helps you configure it. If you go to Device Management > AAA Access > Authorization > Set ASDM Defined User Roles, then you can assign priv 5 to a user and that user will be able to only read in ASDM.

I hope it helps.

PK

Thanks for the quick response.

Do you know if you can configure this from the CLI rather than from the ASDM?

And do you know if those permissions apply to the user both when logged in to the ASDM and the CLI?

Mario

Yes, they apply for ASDM and CLI. Users of priv 5 will be able to run only the commands that are of priv 5.

The commands ASDM will push for the priv levels are

      privilege show level 3 mode configure command aaa
      privilege show level 3 mode exec command aaa
      privilege clear level 3 mode configure command aaa-server
      privilege show level 3 mode configure command aaa-server
      privilege clear level 3 mode exec command aaa-server
      privilege show level 3 mode exec command aaa-server
      privilege show level 3 mode configure command access-list
      privilege show level 3 mode exec command access-list
      privilege clear level 3 mode configure command arp
      privilege show level 3 mode configure command arp
      privilege clear level 3 mode exec command arp
      privilege show level 3 mode exec command arp
      privilege show level 5 mode configure command asdm
      privilege show level 3 mode exec command asdm
      privilege show level 3 mode exec command asp
      privilege show level 3 mode exec command blocks
      privilege show level 3 mode configure command clock
      privilege show level 3 mode exec command clock
      privilege show level 3 mode exec command compression
      privilege show level 3 mode exec command cpu
      privilege clear level 3 mode configure command crypto
      privilege show level 3 mode configure command crypto
      privilege clear level 3 mode exec command crypto
      privilege show level 3 mode exec command crypto
      privilege show level 3 mode configure command dhcpd
      privilege show level 3 mode exec command dhcpd
      privilege clear level 3 mode exec command dns-hosts
      privilege show level 3 mode exec command dns-hosts
      privilege show level 3 mode exec command eigrp
      privilege cmd level 3 mode configure command failover
      privilege show level 3 mode configure command failover
      privilege cmd level 3 mode exec command failover
      privilege show level 3 mode exec command failover
      privilege show level 3 mode exec command firewall
      privilege show level 5 mode exec command import
      privilege show level 3 mode configure command interface
      privilege show level 3 mode exec command interface
      privilege show level 3 mode configure command ip
      privilege show level 3 mode exec command ip
      privilege show level 3 mode exec command ipv6
      privilege clear level 3 mode configure command logging
      privilege show level 3 mode configure command logging
      privilege clear level 3 mode exec command logging
      privilege cmd level 3 mode exec command logging
      privilege show level 3 mode exec command logging
      privilege show level 3 mode exec command mode
      privilege show level 3 mode exec command module
      privilege show level 3 mode exec command ospf
      privilege cmd level 3 mode exec command perfmon
      privilege cmd level 3 mode exec command ping
      privilege show level 5 mode configure command privilege
      privilege show level 3 mode exec command reload
      privilege show level 3 mode configure command route
      privilege show level 3 mode exec command route
      privilege show level 5 mode exec command running-config
      privilege show level 3 mode configure command ssh
      privilege show level 3 mode exec command ssh
      privilege show level 3 mode exec command uauth
      privilege show level 3 mode exec command vlan
      privilege show level 3 mode exec command vpn
      privilege show level 3 mode exec command vpn-sessiondb
      privilege show level 3 mode exec command vpnclient
      privilege show level 3 mode exec command wccp
      privilege show level 3 mode exec command webvpn
      privilege cmd level 3 mode exec command who

I hope it helps.

PK
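To see how the levels in that list translate into what a priv-2 or priv-5 user can actually run, here is an added Python example (not from this thread or from Cisco) that parses lines in this `privilege` format, checks a command against a user's level, and lists configure-mode `cmd` entries reachable below a given level. It assumes the ASA default of level 15 for any command with no explicit `privilege` line.

```python
import re

# Constructed sample: a subset of the "privilege" lines ASDM pushes, copied
# from PK's reply above (the parser accepts full "show run privilege" output).
SAMPLE_PRIVILEGE_CONFIG = """\
privilege show level 3 mode exec command asdm
privilege show level 5 mode exec command running-config
privilege show level 5 mode configure command privilege
privilege cmd level 3 mode configure command failover
privilege cmd level 3 mode exec command ping
privilege clear level 3 mode exec command logging
"""

# One "privilege" line: <show|clear|cmd> level N mode <exec|configure> command X
LINE_RE = re.compile(
    r"^privilege\s+(?P<kind>show|clear|cmd)\s+level\s+(?P<level>\d+)"
    r"\s+mode\s+(?P<mode>exec|configure)\s+command\s+(?P<cmd>\S+)$"
)

def parse_privilege_config(text):
    """Return one dict per well-formed 'privilege' line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["level"] = int(entry["level"])
            entries.append(entry)
    return entries

def allowed_for(entries, user_level, kind, mode, cmd, default_level=15):
    """True if a user at user_level may run the command.
    Assumption: a command with no explicit 'privilege' line keeps the ASA
    default level (15), so only privilege-15 users can run it."""
    required = default_level
    for e in entries:
        if (e["kind"], e["mode"], e["cmd"]) == (kind, mode, cmd):
            required = e["level"]
    return user_level >= required

def config_changing_cmds_below(entries, level):
    """Audit helper: configure-mode 'cmd' entries a user below `level` can run.
    These change device state rather than display it, so a read-only role
    review should look at each one."""
    return sorted(e["cmd"] for e in entries
                  if e["kind"] == "cmd" and e["mode"] == "configure"
                  and e["level"] < level)

if __name__ == "__main__":
    entries = parse_privilege_config(SAMPLE_PRIVILEGE_CONFIG)
    for lvl in (2, 5, 15):
        print(lvl, allowed_for(entries, lvl, "show", "exec", "running-config"))
    print("configure-mode cmds below 5:", config_changing_cmds_below(entries, 5))
```

Paste the real output of `show running-config privilege all` into `SAMPLE_PRIVILEGE_CONFIG` to audit a live box.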

Hi PK

I tried setting user Bob to level 5, both via ASDM and via command line. I confirmed it by looking at the username. But when I log in as Bob, I can still change descriptions on the FW rule set. Any thoughts? Thanks. jimmyc

Hello,
I am trying to do this in a multi-context ASA but it throws me an error " specified command more not found in exec"
Do multi-context ASAs support ASDM Defined roles? Any way to get around this error?
Thanks

sureshkrishnan
Level 1

Hi,

You could also try this.

(config)# aaa authentication http console LOCAL

(config)# username test password test

(config)# username test attributes

(config-username)# service-type nas-prompt

Regards,

Suresh

Thanks,

I'm getting there now. I have a strange issue where if I set a user a privilege level of 1, they can access the Configuration tab of the ASDM but all configuration is blank.

No firewall rules, network objects, VPN profiles. NOTHING.

Then the moment I change the privilege level to 2 or higher, the user has no access to the Configuration tab at all. I'd like to raise the privilege level for accessing the Configuration tab so that I can configure more granular access.

Do you know how to do this? Is it one of the privilege commands posted previously?

Mario

You can't get more granular than that.

ASDM recognizes 3 types of user priv: 2, 5 and 15 (monitor, read-only, admin respectively).

You can move commands to different levels but that will correspond only to the CLI. ASDM will recognize only the levels above for the functions/commands it does. If you move commands up and down, ASDM will try to do its best, and when it tries to apply a command that has been arbitrarily moved it will throw an error.

PK

Thanks for your help guys...

I managed to find the show run privilege command, which displayed all the privileges and allows me to config everything as I need!!

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/mgaccess.html#wp1042016

Cheers!!

Mario
