01-09-2018 09:07 PM - edited 02-21-2020 07:06 AM
Scenario:
I, as an admin, assign admin5 privilege 5 so that he can create new users, let's say user3.
The problem is how to restrict admin5 so that he can only create users with a privilege level lower than his own.
Otherwise, even though admin5 only has privilege 5, he can create a new user with privilege 15.
01-09-2018 11:05 PM
Hi,
If you are using any type of AAA server authentication like TACACS, you can manage the privilege from there, or from ASDM you can go to device manager>> AAA access>>>Authorization and manage the privilege for the specific user or group.
Hope this helps!
01-10-2018 09:27 AM
@denilson.mota wrote:
Hi,
If you are using any type of AAA server authentication like TACACS, you can manage the privilege from there, or from ASDM you can go to device manager>> AAA access>>>Authorization and manage the privilege for the specific user or group.
Hope this helps!
====================
Hello,
Thanks for the quick reply,
I may need to explain my scenario in more detail:
1. Me: admin of the ASA, privilege 15
I create an authorization policy which allows some user (like noc_user1) with privilege 5 to create new users (like vpn_user1).
2. My question is: how to restrict user noc_user1 so that he can only create new users with lower privilege,
which means any user with privilege 5 (who has been authorized to create new users) can
only create new users with a privilege level lower than or equal to 5 (the creator's level).
--------------
I am currently using the LOCAL database, but the question is the same for RADIUS or TACACS+.
#privilege cmd level 5 mode exec command username