What privilege level is required...

We are looking to possibly delegate setting up AnyConnect to our Helpdesk (limited to ASDM, adding Apple UDIDs to an Access Policy). The question I have is what privilege level should be assigned that will allow them to add the UDID and limit (as much as possible) other changes?

Accepted Solutions

You will need to define local command authorization at a custom privilege level between 1-15 and assign the necessary commands to it (e.g. Access-list, Configure, cmd in your example). Then assign your Helpdesk usernames that privilege level.

I don't believe you can restrict which access-lists they can edit - that's outside the scope of what you can do with ASDM (or the CLI). You'd have to move to CSM or an external portal with more role-based access control tools built-in to get that granular.

See this section of the ASDM Configuration Guide for details.
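
An added example, not part of the original post: a small audit that reads ASA-style configuration text and reports which commands a delegated level can run, whether local command authorization is enabled, and which accounts can change access-lists. The usernames, level 5 and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed sample in ASA running-config style; usernames, the level (5) and
# the password placeholders are assumptions made for this example.
SAMPLE_CONFIG = """\
username admin password PLACEHOLDER encrypted privilege 15
username helpdesk1 password PLACEHOLDER encrypted privilege 5
aaa authorization command LOCAL
privilege cmd level 5 command access-list
privilege cmd level 5 command configure
privilege show level 5 command access-list
"""

PRIV_RE = re.compile(r"^privilege\s+(?:(show|clear|cmd)\s+)?level\s+(\d+)\s+"
                     r"(?:mode\s+\S+\s+)?command\s+(.+)$")
USER_RE = re.compile(r"^username\s+(\S+)\s.*\bprivilege\s+(\d+)\s*$")


def audit(config):
    """Collect per-level command assignments, user levels, and whether
    local command authorization is switched on."""
    report = {"enforced": False, "commands": {}, "users": {}}
    for line in map(str.strip, config.splitlines()):
        if line == "aaa authorization command LOCAL":
            report["enforced"] = True
        elif m := PRIV_RE.match(line):
            form, level, cmd = m.group(1) or "all", int(m.group(2)), m.group(3)
            report["commands"].setdefault(level, set()).add((form, cmd))
        elif m := USER_RE.match(line):
            report["users"][m.group(1)] = int(m.group(2))
    return report


def assigned_to(report, user):
    """Commands explicitly placed at or below the user's level."""
    level = report["users"][user]
    return {c for lvl, cmds in report["commands"].items() if lvl <= level for c in cmds}


def findings(report):
    out = []
    if report["commands"] and not report["enforced"]:
        out.append("custom levels defined but 'aaa authorization command LOCAL' is missing")
    for user, level in sorted(report["users"].items()):
        if level < 15 and ("cmd", "access-list") in assigned_to(report, user):
            # Per the answer above: the grant cannot be scoped to a single ACL.
            out.append(f"{user} (level {level}) can change every access-list")
    return out
```

Running `findings(audit(text))` against a saved copy of the configuration gives a quick review list before the Helpdesk accounts are handed out.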

Thanks, Marvin, that is very helpful. Thank you for taking the time to answer.