I am not sure that I am understanding your post correctly. As I understand it, you have created a group for some users who would operate at privilege level 7. I gather that this works and that users in this group do authenticate and are assigned to privilege level 7. You say that some show commands are assigned to them but not the show run command. This would seem to be simple to solve - you make sure that show with a parameter of run is assigned to them. But there is something not simple that makes this not work. Part of the Cisco implementation of privilege levels is that in show run a user cannot view any parameter that they do not have permission to change.
Perhaps it might work for your situation if you give those users access to show config. show config does not have the same restriction as show run.
I meant to say earlier that some of the show commands assigned to this acsrestricted group using privilege level 7 are enabled by default. I didn't make any changes in the "shell command authorization set" in ACS group settings.
The only change I've made so far is to check the shell (exec) and privilege level 7 in group setup>acsrestricted>edit settings on the ACS 4.2. However, I'm unclear as to how to assign the show command with the parameter config (I like this better than the parameter run) on ACS 4.2. Can you help me with the syntax on ACS 4.2? Your help would be greatly appreciated.