Ok, I happened upon this today and thought it was a bit weird. We have a pair of ASA5520 as our primary firewalls.
We are using EasyVPN,and the usernames authenticate via the local username / PW configured on the firewall. All of these usernames have Privilege 0, however, these usernames are able to log into the firewall via SSH, AND when I use one of them to log into ASDM, they can go in and make config changes. I don't like that.I'm sure you can see why... How do I make it so that only my level 15 priv username can get logged in via ASDM? I've looked into AAA command authorization, but I don't see how that would apply to ASDM access.
Firewall setup:
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
username user password password priv 15
username user1 password password1 priv 0
username user2 password password2 priv 0
username user3 password password3 priv 0