Depends, you have to do this using TACACS, as command authorization is not available in Radius. Also, once you set it up for one user, every other user is going to have to log in using an ACS/TACACS username on this server, and you'll have to modify their policy to allow all commands to be run by them.
On the router you'd do something like:
> aaa new-model
> aaa authentication login default group tacacs local
> aaa authorization exec default group tacacs none
> aaa authorization commands 15 default group tacacs none
Then on ACS, go under Interface Config - TACACS and check the box for User Shell (exec). Modify the user and under TACACS Setting check the Shell (exec) box, then under the Shell Command Authorization Set section, check the Per-User Command Authorization box, set Unmatched Commands to deny, check the Command box, put "show" in the as the command (minus the quotes), put "permit running-config" in as the argument (minus the quotes), deny Unlisted Arguments. Hit Submit and you should be good to go.
This user will be able to go into enable mode and then only type "sho run", nothing else.
For every other user, you need to create an ACS account for them. Put them all into a specific ACS group. For all of these users the default "Command Authorization" setting should be "as group" meaning use whatever the group parameter is set to. Modify the group that you put all these users into and under here check the "Shell (exec)" box and under the Per Group Command Authorization section, set Unmatched Commands to permit. This will allow all these users to run any command.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...