If you using any type of AAA server authentication like TACACS you can manage the privilege from there or from ASDM you can go to device manager>> AAA access>>>Authorization and manage the privilege from the specific user or group.
Hope this help!
Thanks for the quick reply,
I may need more explanation on my scenario:
1. Me: admin of the ASA, privilege 15
I create an authorization policy, which allow some user (like noc_user1) with privilege 5 to create new users (like vpn_user1).
2. my question is: How to restrict user noc_user1 can only create new users with lower privilege.
which means, any user with privilege 5 (and have been authorized to create new user), can
only create new users with privilege level lower than or equal to 5 (the creator's level)
I am currently using LOCAL database, but the question is same to Radius or Tacacs+.
#privilege cmd level 5 mode exec command username
... View more