
New Member

Privilege levels and ASDM requirements for read-only access

Hi All,

ASA running 7.2(2) and ASDM 5.2(2)

We have a need to have restricted access to an ASA for certain staff so that they would essentially only have read access to the firewall.

When they log in with their account on the initial screen it goes through fine. However, when the applet appears with the dashboard it is just continuous prompts for authentication.

Obviously this isn't a username/password issue, and I believe it is the privilege level assigned to them (and certain commands). Also, when using our privilege 15 account it is all fine, so this isn't a Java version issue or anything like that.

What are the required commands to allow READ-only access to the ASDM? I tried searching through some documentation but haven't been able to find anything yet...

Thanks

3 REPLIES

Re: Privilege levels and ASDM requirements for read-only access

To set up command authorization for ASDM to a TACACS server, there is a set of commands that are required in order to give read-only access for ASDM. For a user that has read-only privilege, you need to ensure that they are allowed to execute this set of commands.

In order to see what commands these are, there is a feature which actually moves a series of commands to Read Only privilege 5 ASDM access, as well as a series of commands to Monitor Only privilege 3 ASDM access. Currently, logging in with a user of privilege 15, navigate to Configuration > Device Administration > AAA Access > Authorization.

There is a button "Predefined User Account Privilege". If you select this and apply this, it will show a series of commands that would be lowered to allow Read Only or Monitor Only privilege. Read Only users would need all commands that are to be set at privilege 5 or lower in order to work effectively.

Regards,

~JG

Do rate helpful posts

New Member

Re: Privilege levels and ASDM requirements for read-only access

Hi JG,

Thanks, however when I make the username priv 5 the same thing happens. I suspect that this is because we have changed certain commands to various privilege levels (6 for example).

Also this is just local AAA, not going to a TACACS server.

That is why it is the actual required commands that I am after, or any other suggestions as to what may be causing the problem.

We have confirmed it is not the computer itself (browser, Java, etc.) by logging in with a priv 15 account.

Re: Privilege levels and ASDM requirements for read-only access

Yes, this could be due to the fact you have changed the privilege level of commands.

Regards,

~JG

Do rate helpful posts
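
An added example, not written by any poster in this thread: a small Python check for the situation discussed above, where a user sits at privilege 5 but some commands have been moved to a higher level such as 6. It parses `privilege ... level N ... command ...` lines and lists the ones a given user level cannot run. The sample lines are constructed, and the line format is an assumption based on the ASA `privilege` command as it appears in `show running-config privilege`.

```python
import re

# Constructed sample of privilege lines (not taken from the thread).
SAMPLE = """\
privilege show level 5 mode exec command running-config
privilege show level 6 mode exec command version
privilege cmd level 6 mode exec command perfmon
privilege show level 3 mode exec command interface
privilege clear level 3 mode exec command dns-hosts
"""

# Assumed format: privilege [show|clear|cmd|configure] level N [mode M] command NAME
LINE = re.compile(
    r"^privilege\s+(?:(?P<kind>show|clear|cmd|configure)\s+)?"
    r"level\s+(?P<level>\d+)"
    r"(?:\s+mode\s+(?P<mode>\S+))?"
    r"\s+command\s+(?P<command>.+?)\s*$"
)


def parse_privileges(text):
    """Return (level, kind, command) tuples for every valid privilege line."""
    entries = []
    for raw in text.splitlines():
        match = LINE.match(raw.strip())
        if not match:
            continue  # not a privilege line
        level = int(match.group("level"))
        if not 0 <= level <= 15:
            continue  # privilege levels run from 0 to 15
        # A line without show/clear/cmd applies to all forms of the command.
        kind = match.group("kind") or "all"
        entries.append((level, kind, match.group("command")))
    return entries


def blocked_for(entries, user_level):
    """Commands explicitly assigned a level above user_level, sorted.

    Commands with no privilege line keep their default level and are
    not modelled here; only explicit assignments are checked.
    """
    return sorted(e for e in entries if e[0] > user_level)


if __name__ == "__main__":
    for level, kind, command in blocked_for(parse_privileges(SAMPLE), 5):
        print(f"level {level}: {kind} {command}")
```

Comparing this list against the commands that the "Predefined User Account Privilege" button would place at level 5 or lower shows which local changes conflict with read-only ASDM access.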
