topic Local ASA passwords to allow ALL show commands, no config in Network Security https://community.cisco.com/t5/network-security/local-asa-passwords-to-allow-all-show-commands-no-config/m-p/2191557#M359403 <HTML><HEAD></HEAD><BODY><P>Assuming AAA authentication, define some users with intermediate privilege levels and assign the commands they can run to that level, e.g.</P><P></P><P>&nbsp;&nbsp;&nbsp; username readonly password SomeSecret privilege 2</P><P></P><P>followed by a tedious number of privilege commands for each of the keywords "show ?" expands to:</P><P></P><P>privilege show level 2 mode exec command aaa-server</P><P>...</P><P>privilege show level 2 mode exec command xlate</P><P></P><P>Anyone knowing a more consise way would be welcome.</P><P></P><P>-- Jim Leinweber, WI State Lab of Hygiene</P></BODY></HTML> Wed, 27 Mar 2013 22:33:15 GMT James Leinweber 2013-03-27T22:33:15Z Local ASA passwords to allow ALL show commands, no config https://community.cisco.com/t5/network-security/local-asa-passwords-to-allow-all-show-commands-no-config/m-p/2191556#M359402 <P>Hi there</P><P></P><P>Currently have an ASA 5545. <SPAN style="font-size: 10pt;">What I want to do is allow our support team to perform ALL show commands (up to and including show run) but not enable them to perform ANY configuration changes on the devices (not get into config t). This is to allow them to check ARP tables, routing protocol status, etc</SPAN></P><P></P><P>Can anyone advise the syntax to do this? i don't have access to the ASA at the moment and haven't been able to figure it out in IOS, i'm assuming its not too hard...</P> Tue, 12 Mar 2019 01:20:17 GMT https://community.cisco.com/t5/network-security/local-asa-passwords-to-allow-all-show-commands-no-config/m-p/2191556#M359402 pheavens85 2019-03-12T01:20:17Z Local ASA passwords to allow ALL show commands, no config https://community.cisco.com/t5/network-security/local-asa-passwords-to-allow-all-show-commands-no-config/m-p/2191557#M359403 <HTML><HEAD></HEAD><BODY><P>Assuming AAA authentication, define some users with intermediate privilege levels and assign the commands they can run to that level, e.g.</P><P></P><P>&nbsp;&nbsp;&nbsp; username readonly password SomeSecret privilege 2</P><P></P><P>followed by a tedious number of privilege commands for each of the keywords "show ?" expands to:</P><P></P><P>privilege show level 2 mode exec command aaa-server</P><P>...</P><P>privilege show level 2 mode exec command xlate</P><P></P><P>Anyone knowing a more consise way would be welcome.</P><P></P><P>-- Jim Leinweber, WI State Lab of Hygiene</P></BODY></HTML> Wed, 27 Mar 2013 22:33:15 GMT https://community.cisco.com/t5/network-security/local-asa-passwords-to-allow-all-show-commands-no-config/m-p/2191557#M359403 James Leinweber 2013-03-27T22:33:15Z