Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2215
Views
0
Helpful
1
Replies

Creating a limited admin user account on an ASA?

benweber
Level 1
Level 1

‎04-29-2014 09:49 AM - edited ‎03-11-2019 09:08 PM

Hi All,

 

Wondering if this is possible. I want to create a user account on an ASA running 9.1(4) that just has the ability to create and delete other user accounts.  This ASA is running a webvpn with local authentication and I want the local folks to be able to add and remove user accounts but not to be able to do anything else to modify the config.

 

I've done a similar thing in the past so that users could issue specific "show" commands by creating a local account with a privilege level of  6 and then allowing that account the ability to issue show commands with the following lines:

 

username nopriv password <removed> privilege 6

privilege show level 6 mode exec command startup-config
 

Is it possible to do the same so that they only have access to the "username" commands?

 

Thanks,

 

Ben

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-29-2014 10:20 AM

The ASA has RBAC (Role-Based Access Control) similar to IOS. In ASDM, first customize the desired command privileges to apply to a level <15 (Configuration > Device Management > Users/AAA > AAA Access >Authorization).

Then, from the User Accounts menu in the same Configuration pane, create your limited admin users and modify their privilege level to the one you just customized.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card