Interesting question, for me atleast. I don't think that with the very default configurations you will be able to actually separate what which user can do since if you use the "enable" password the user gains full access to all commands.
I personally don't handle much of the AAA side of our ASA management. Therefore I have never had to handle the LOCAL AAA settings on the ASA and making sure that certain user can only done specific things.
I took a quick look before posting and it seemed to me that by default the commands on the ASA are set so that very few commands are allowed for Privilege level 0 and rest are at Privilege 15 which is basically the highest level and to which you get to with the "enable" password.
To have the ASA define which commands are allowed for the user you will need some AAA configurations on the ASA, the LOCAL username configurations with specific privilege levels and modified privilege levels for the commands that you want to allow for the specific user accounts with their specific privilege level.
If you can specify the type of things this user should see then I could try to create a AAA configuration for you for this purpose. Would be good practise for myself since in our environments theres usually a separate AAA server involved.
However, by default hardly any commands are available at privilege 1 and all of them are available at privilege 15, so you might need a whole platoon of "privilege .. level 2 mode ..." commands to effect your will. There may be less tedious ways of accomplishing this that I'm unfamiliar with.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :