I am running PIX 6.2 and want to create a username that will have read only access to PIX configuration both through command line and PDM. Has anyone done this yet and if so can you let me know what is required. I have tried creating a user with priv 2 and assinged show block, sh curpriv, sh pdm, sh running-config to the priv level 2. This allows me to open pdm with the user account but I only have access to the Monitoring Tab. When I try to access another tab I get "You are not authorized to view any other tabs." Any ideas?????
Tried that and it didn't work either, same result. If this is functioning as designed then is there a way to set up PDM in a read only manner. I need to have read only access through PDM so some users can review the config but not change it.
Too simple. Thanks for the reply. That worked exactly as you defined. One question though. When I initially created the new user I left the previously defined user and authorizations in my config and it didn't work. Does this mean that I can't have multiple user accounts with other defined authorizations for this to work?
Sorry I could not get want you want. Please let me know whether I am correct.
1. You can Multiple users with diffferent priv levels. ( ex: Read Only, Montior Only and Admin).
2. You can have only LOCAL or TACACS+ Command Authorization .
3. If you change privilege of any command other the Predefined User Account priv commands you will be out of PDM Profiling.
ex: If change the privilege of a single command say show arp from Default value 15 to 5 ( Read-only)
Now when you connect to PDM, If you see you it will state user privilege in lower bottom of PDM as 5 insetad of Read-only.
So Make sure if you customise the privileges of Command. You should have all necessary commands ( ex: show pdm, show blocks, show curpriv... ) all set to priv same or less than the privilege level of the user you logged in.
Otherwise you will end up in misconfiguration.
Finally, Currenttly PDM supports Three Users only. ( If it is in PDM profiling)
1. Admin ( priv 15) Can view and Modify any PDM TABS and commands ).
2. Read-Only ( priv 5) he can view all tabs in PDM but cannot Modify.
3.Monitor-Only ( priv 3) he can only do Montioring Screen.
When you find that you have changed the privilege of Individual Command
You can restore PDM profiling by going to Authentication/Authorization Screen and Click on Restore PDM user Account Privileges. It will set you back to the three users config mode.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :