Privilege levels and ASDM requirements for read-only access
ASA running 7.2(2) and ASDM 5.2(2)
We have a need to have restricted access to an ASA for certain staff so that they would essentially only have read access to the firewall.
When they log in with the their account on the initial screen it goes through fine. However when the aplet appears with the dashboard it is just continuous prompts for authentication.
Obviously this isn't a username/password issue, and believe it is the privilege level assigned to them (and certain commands). Also when using our privilege 15 account it is all fine so this isn't a java version issue or anything like that.
What are the required commands to allow READ-only access to the ASDM? I tried searching through some documentation but haven't been able to find anything yet...
Re: Privilege levels and ASDM requirements for read-only access
To set up command authorization for ASDM to a TACACS server, there is a set of commands that are requried in order to give read only access for ASDM. For a user that has read-only privilege, you need to ensure that they are allowed to execute this set of commands.
In order to see what commands these are, there is a feature which actually moves a series
of commands to Read Only privilege 5 ASDM access, as well as a series of commands to
Monitor Only privilege 3 ASDM access. Currently, logging in with a user of privilegel 15, navigate to Configuration > Device Administration > AAA Access > Authorization.
There is a button "Predefined User Account Privilege". If you select this and apply this, it wil show a series of commands that would be lowered to allow Read Only or Monitor Only privilege. Read Only users would need all commands that are to be set at privilege 5 or lower in order to work effectively.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :