I've run across something that has me curious. I've been playing with user account privilege levels on some routers & switches running IOS 12.2. I've found many webpages that explain how to set/modify the privilege level of specific commands, but I've found no documentation of what commands are included with the different privilege levels by default. Does any such documentation exist?
For example, say I have a local account with privilege level 5. Apparently by default privilege level 5 doesn't allow a user to clear interface counters. A higher level user could go into config and do "privilege exec level 5 clear counters" .... but unless one of the level 5 privileged users tells me they can't clear counters I wouldn't have had any way of knowing that command was blocked to them.
I've not found any command that will let me see which commands have been associated with a particular privilege level. The only thing I do know is that commands that have had their privilege levels modified will show up in the running config. But that doesn't help me know what the command defaults are.