Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
962
Views
0
Helpful
1
Replies

Cisco ASA firewall operator

Krasnoperov
Beginner
Beginner

‎05-28-2012 03:04 AM - edited ‎03-11-2019 04:12 PM

Hi,

I have an ASA 5585, I need to create user that have can only add, remove ,change rules in firewall section in ASDM, for other sections just read-only rights.

Anyone have this experience?

thanks

Labels:
0 Helpful
1 Reply 1

Jennifer Halim
Cisco Employee
Cisco Employee

‎05-28-2012 04:40 AM

You can't unfortunately specify just the firewall section for read/write access.

You can configure command authorization for specific command that you would like read/write access, however, in your case, the command would be access-list and access-list can belong to different section, ie: firewall, NAT, VPN, etc.

If you are interested, here is the document on command authorization for you reference:

http://www.cisco.com/en/US/docs/security/asa/asa84/asdm64/configuration_guide/access_management.html#wp1145888

Otherwise, the ASA only have 3 level of privileges:

- Admin (privilege level 15, with full access to all  CLI commands;

- Read Only (privilege level 5, with read-only access); and

- Monitor Only (privilege level 3, with access to the Monitoring section  only).

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents