Thanx Ajay.....however i want to create a new user who can run only one specific command in the configuration mode. Is there a way to create a new priviledge level and assign only one command. If you can provide the commands it'll be quite helpful as i am not able to find it on the WEB.

privilege show level 5 command

Level can be anything but not 15. I dont have any live device with me at this moment where i can try if you have you can try very well. but this works you can restrict users to some specific commands.

Thanks

Ajay

We have a radius server which does authentication for ASA. So considering this, will the following commands accomplish our requirement.

----------------------------

aaa-server XXX protocol radius

aaa authentication telnet console XXX LOCAL

aaa authentication ssh console XXX LOCAL

aaa authorization command XXX LOCAL

username superadmin password privilege 15
Username restricteduser password privilege 5

privilege clear level 5 command crypto

---------------------------------------------

Just by adding the above commands, I assume that restricteduser will only be able to issue the clear ipsec sa commands leaving the superadmin user with full access.

Kindly confirm if this is correct and will not lock me out of firewall access.

Regards

Ahh I am sorry i misunderstood thought you do not have auth server.If you do have then the restriction will only be forced from Radius server. You need to look some guide for radius server what i told last was something on locally on ASA.

Sorry for that.

Thank you Ajay, I'll check the Radius Guide..:-)