Cisco Support Community
New Member

Creating a limited admin user account on an ASA?

Hi All,

 

Wondering if this is possible. I want to create a user account on an ASA running 9.1(4) that just has the ability to create and delete other user accounts. This ASA is running a webvpn with local authentication and I want the local folks to be able to add and remove user accounts but not to be able to do anything else to modify the config.

 

I've done a similar thing in the past so that users could issue specific "show" commands by creating a local account with a privilege level of 6 and then allowing that account the ability to issue show commands with the following lines:

 

username nopriv password <removed> privilege 6

privilege show level 6 mode exec command startup-config
 

Is it possible to do the same so that they only have access to the "username" commands?

 

Thanks,

 

Ben

1 REPLY
Hall of Fame Super Silver

The ASA has RBAC (Role-Based Access Control) similar to IOS. In ASDM, first customize the desired command privileges to apply to a level <15 (Configuration > Device Management > Users/AAA > AAA Access > Authorization).

Then, from the User Accounts menu in the same Configuration pane, create your limited admin users and modify their privilege level to the one you just customized.
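
Added example, not part of the original thread and not Cisco tooling: a small Python audit that reads a saved running-config and lists, for every local user below level 15, the commands that have been re-levelled within their reach, plus whether `aaa authorization command LOCAL` (the CLI command that turns on local command authorization) is present. The sample config is constructed; the `admin` and `helpdesk` accounts and the `privilege cmd ... command username` line are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample running-config. The "nopriv" and "privilege show" lines
# are the ones quoted in the question; every other line is an assumption.
SAMPLE_CONFIG = """\
username admin password <removed> privilege 15
username nopriv password <removed> privilege 6
username helpdesk password <removed> privilege 6
aaa authentication ssh console LOCAL
privilege show level 6 mode exec command startup-config
privilege cmd level 6 mode configure command username
"""

USER_RE = re.compile(r"^username\s+(\S+)\s.*\bprivilege\s+(\d+)$")
PRIV_RE = re.compile(
    r"^privilege\s+(?:(show|clear|cmd|configure)\s+)?level\s+(\d+)"
    r"(?:\s+mode\s+(\S+))?\s+command\s+(.+)$"
)

def audit(config_text):
    """Return (enforced, report): whether local command authorization is on,
    and for each user below level 15 the re-levelled commands they can reach."""
    users = {}                    # username -> privilege level
    grants = defaultdict(list)    # level -> [(form, mode, command), ...]
    enforced = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "aaa authorization command LOCAL":
            enforced = True       # local command authorization is switched on
        elif m := USER_RE.match(line):
            users[m.group(1)] = int(m.group(2))
        elif m := PRIV_RE.match(line):
            form, level, mode, command = m.groups()
            grants[int(level)].append((form or "all", mode or "any", command))
    report = {}
    for name, level in users.items():
        if level < 15:
            # A user at level N can run anything assigned to level N or lower.
            report[name] = sorted(
                g for lvl, cmds in grants.items() if lvl <= level for g in cmds
            )
    return enforced, report

if __name__ == "__main__":
    enforced, report = audit(SAMPLE_CONFIG)
    print("aaa authorization command LOCAL present:", enforced)
    for name, cmds in sorted(report.items()):
        for form, mode, command in cmds:
            print(f"{name}: {form} / mode {mode} / {command}")
```

Only commands moved by explicit `privilege` lines are reported; commands still at their default level and `username` lines without an explicit `privilege` keyword are not covered.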
