
ASA authorize a user to create user with only lower privilege level.

Scenario:

I, as an admin, assign admin5 privilege 5 so that he can create new users, let's say user3.

The problem is how to restrict admin5 so that he can only create users with a privilege level lower than his own.

Otherwise, even though admin5 only has privilege 5, he can create a new user with privilege 15.

 


Re: ASA authorize a user to create user with only lower privilege level.

Hi,

 

If you are using any type of AAA server authentication like TACACS, you can manage the privilege from there, or from ASDM you can go to device manager >> AAA access >> Authorization and manage the privilege for the specific user or group.

 

Hope this helps!


Re: ASA authorize a user to create user with only lower privilege level.


@denilson.mota wrote:

Hi,

 

If you are using any type of AAA server authentication like TACACS, you can manage the privilege from there, or from ASDM you can go to device manager >> AAA access >> Authorization and manage the privilege for the specific user or group.

 

Hope this helps!


====================

Hello,

Thanks for the quick reply.

I may need to explain my scenario in more detail:

1. Me: admin of the ASA, privilege 15.

   I create an authorization policy which allows some user (like noc_user1) with privilege 5 to create new users (like vpn_user1).

2. My question is: how to restrict user noc_user1 so that he can only create new users with lower privilege.

   That means any user with privilege 5 (who has been authorized to create new users) can only create new users with a privilege level lower than or equal to 5 (the creator's level).

--------------

I am currently using the LOCAL database, but the question is the same for RADIUS or TACACS+.

#privilege cmd level 5 mode exec command username