I am also having this problem. I can manipulate the privilege levels to the point where a user can create rules through the CLI (despite getting a bunch of messages from ASDM that says "You are not allowed to modify ASA configuration because you do n...