https://community.cisco.com/t5/network-security/cisco-ios-ios-xe-command-vs-privilege-levels/m-p/4413925#M1081345 <P>best way to remidate this issue is, go higher level like priv 5 or more, and give restrict with commands is good option i see,</P> <P>&nbsp;</P> <P>I know bit odd some of the command do not work until we elivate user rights for cetain commands.</P> Mon, 07 Jun 2021 10:39:37 GMT balaji.bandi 2021-06-07T10:39:37Z https://community.cisco.com/t5/network-security/cisco-ios-ios-xe-command-vs-privilege-levels/m-p/4413919#M1081343 <P>I use ISE for device administration. We have created Read Only and Read/Write command profiles. Read/Write level 15.&nbsp;</P><P>for the read only we set the privilege level 3 and then restricted the commands that could be executed.</P><P>the dir command was permitted for read only users but when executed the system comes back as command authorization fail.</P><P>I increasing privilege levels makes no differences.</P><P>sh run can only be executed with a priv level of 15. My testing shows the same for the dir command.&nbsp;</P><P>Question is there a Cisco page that shows what commands can be issued at each level. My understanding was that levels 2-14 were user defined. This clearly doesn't seem to be the case.</P> Mon, 07 Jun 2021 10:35:15 GMT https://community.cisco.com/t5/network-security/cisco-ios-ios-xe-command-vs-privilege-levels/m-p/4413919#M1081343 russell.sage 2021-06-07T10:35:15Z https://community.cisco.com/t5/network-security/cisco-ios-ios-xe-command-vs-privilege-levels/m-p/4413925#M1081345 <P>best way to remidate this issue is, go higher level like priv 5 or more, and give restrict with commands is good option i see,</P> <P>&nbsp;</P> <P>I know bit odd some of the command do not work until we elivate user rights for cetain commands.</P> Mon, 07 Jun 2021 10:39:37 GMT https://community.cisco.com/t5/network-security/cisco-ios-ios-xe-command-vs-privilege-levels/m-p/4413925#M1081345 balaji.bandi 2021-06-07T10:39:37Z https://community.cisco.com/t5/network-security/cisco-ios-ios-xe-command-vs-privilege-levels/m-p/4413928#M1081346 <P>thanks for the response but I set the priv level to 14 and dir command is still not permitted.</P> Mon, 07 Jun 2021 10:46:46 GMT https://community.cisco.com/t5/network-security/cisco-ios-ios-xe-command-vs-privilege-levels/m-p/4413928#M1081346 russell.sage 2021-06-07T10:46:46Z https://community.cisco.com/t5/network-security/cisco-ios-ios-xe-command-vs-privilege-levels/m-p/4413938#M1081347 <P>what is the ISE Live Logs shows ?</P> <P>Have given access or added command access.</P> <P>&nbsp;</P> <P>example as below :</P> <P>&nbsp;</P> <P><A href="https://integratingit.wordpress.com/2018/05/03/configuring-ise-tacacs/" target="_blank">https://integratingit.wordpress.com/2018/05/03/configuring-ise-tacacs/</A></P> <P><A href="https://wrmem.net/index.php/2019/06/11/cisco-ise-configuring-tacacs-device-management/" target="_blank">https://wrmem.net/index.php/2019/06/11/cisco-ise-configuring-tacacs-device-management/</A></P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 07 Jun 2021 11:02:47 GMT https://community.cisco.com/t5/network-security/cisco-ios-ios-xe-command-vs-privilege-levels/m-p/4413938#M1081347 balaji.bandi 2021-06-07T11:02:47Z