https://community.cisco.com/t5/network-security/configure-read-only-user-on-asa/m-p/518164#M428696 <HTML><HEAD></HEAD><BODY><P>The ASDM has two options. Read only - Showing everything BUT the monitor screen or read/write - The regular admin screens showing all screens. To set for read only, setup a user with a privilege level of 5.</P><P></P><P>In the ADSM you should find the settings under</P><P>Configuration &gt; Features &gt; Device Administration &gt; Administration &gt; AAA Access &gt; Authorization Tab</P><P>Authorization lets you control access per user after you authenticate with a valid username and password. You can configure the security appliance to authorize management commands.</P><P> </P><P>Authorization lets you control which services and commands are available to an individual user.</P><P>Authentication alone provides the same access to services for all authenticated users.</P><P>When you enable command authorization, you have the option of manually assigning privilege levels to individual commands or groups of commands (using the Advanced... button) or enabling the Predefined</P><P> </P><P>User Account Privileges (using the Restore Predefined User Account Privileges button).</P><P>The Predefined User Account Privileges Setup panel displays a list of commands and privileges ASDM</P><P>issues to the security appliance if you click Yes. Yes allows ASDM to support the three privilege levels: Admin, Read Only and Monitor Only.</P><P>The complete explanation can be found in "ASDM Online Help, Release 5.0" at</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/application/pdf/en/us/guest/products/ps6121/c1225/ccmigration_09186a008045786c.pdf" target="_blank">http://www.cisco.com/application/pdf/en/us/guest/products/ps6121/c1225/ccmigration_09186a008045786c.pdf</A></P><P></P></BODY></HTML> Tue, 21 Mar 2006 16:35:49 GMT mchin345 2006-03-21T16:35:49Z https://community.cisco.com/t5/network-security/configure-read-only-user-on-asa/m-p/518163#M428687 <P>Hi,</P><P></P><P>My customer would like to have read-only access on the ASA , I tried to configure this in the ASDM but the new user has always full access. I configured the user with privilege level 1 ( tried several levels ) but with the same result. Can somebody explain me how I can configure it ?</P><P>The user should be specifically for the ASDM and not for the CLI mode .</P><P></P> Fri, 21 Feb 2020 08:46:40 GMT https://community.cisco.com/t5/network-security/configure-read-only-user-on-asa/m-p/518163#M428687 wim_depauw 2020-02-21T08:46:40Z https://community.cisco.com/t5/network-security/configure-read-only-user-on-asa/m-p/518164#M428696 <HTML><HEAD></HEAD><BODY><P>The ASDM has two options. Read only - Showing everything BUT the monitor screen or read/write - The regular admin screens showing all screens. To set for read only, setup a user with a privilege level of 5.</P><P></P><P>In the ADSM you should find the settings under</P><P>Configuration &gt; Features &gt; Device Administration &gt; Administration &gt; AAA Access &gt; Authorization Tab</P><P>Authorization lets you control access per user after you authenticate with a valid username and password. You can configure the security appliance to authorize management commands.</P><P> </P><P>Authorization lets you control which services and commands are available to an individual user.</P><P>Authentication alone provides the same access to services for all authenticated users.</P><P>When you enable command authorization, you have the option of manually assigning privilege levels to individual commands or groups of commands (using the Advanced... button) or enabling the Predefined</P><P> </P><P>User Account Privileges (using the Restore Predefined User Account Privileges button).</P><P>The Predefined User Account Privileges Setup panel displays a list of commands and privileges ASDM</P><P>issues to the security appliance if you click Yes. Yes allows ASDM to support the three privilege levels: Admin, Read Only and Monitor Only.</P><P>The complete explanation can be found in "ASDM Online Help, Release 5.0" at</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/application/pdf/en/us/guest/products/ps6121/c1225/ccmigration_09186a008045786c.pdf" target="_blank">http://www.cisco.com/application/pdf/en/us/guest/products/ps6121/c1225/ccmigration_09186a008045786c.pdf</A></P><P></P></BODY></HTML> Tue, 21 Mar 2006 16:35:49 GMT https://community.cisco.com/t5/network-security/configure-read-only-user-on-asa/m-p/518164#M428696 mchin345 2006-03-21T16:35:49Z