Hi All,
Wondering if this is possible. I want to create a user account on an ASA running 9.1(4) that just has the ability to create and delete other user accounts. This ASA is running a webvpn with local authentication and I want the local folks to be able to add and remove user accounts but not to be able to do anything else to modify the config.
I've done a similar thing in the past so that users could issue specific "show" commands by creating a local account with a privilege level of 6 and then allowing that account the ability to issue show commands with the following lines:
username nopriv password <removed> privilege 6
privilege show level 6 mode exec command startup-config
Is it possible to do the same so that they only have access to the "username" commands?
Thanks,
Ben