05-21-2014 08:53 AM
We are looking to possibly delegate setting up AnyConnect to our Helpdesk (limited to ASDM, adding Apple UDIDs to an Access Policy). The question I have is: what privilege level should be assigned that will allow them to add the UDID and limit (as much as possible) other changes?
05-21-2014 10:12 AM
You will need to define local command authorization at a custom privilege level between 1 and 15 and assign the necessary commands to it (e.g. Access-list, Configure, cmd in your example). Then assign your Helpdesk usernames that privilege level.
I don't believe you can restrict which access-lists they can edit - that's outside the scope of what you can do with ASDM (or the CLI). You'd have to move to CSM or an external portal with more role-based access control tools built-in to get that granular.
See this section of the ASDM Configuration Guide for details.
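As an added example (not from the thread or from Cisco's documentation): a small Python check, run against a saved running-config, that lists which commands each non-admin user's privilege level can reach beyond an intended allow-list, and whether local command authorization is switched on at all. The level 5, the user names and the config lines are constructed assumptions.

```python
import re

# Constructed running-config excerpt (not from the thread); level 5, the user
# names and the <hash> placeholders are assumptions for illustration.
SAMPLE_CONFIG = """\
aaa authorization command LOCAL
privilege cmd level 5 mode configure command access-list
privilege show level 5 mode exec command running-config
privilege cmd level 5 mode configure command route
username helpdesk1 password <hash> encrypted privilege 5
username netadmin password <hash> encrypted privilege 15
"""

PRIV_RE = re.compile(
    r"^privilege (?:(show|clear|cmd) )?level (\d+) (?:mode (\S+) )?command (.+)$")
USER_RE = re.compile(r"^username (\S+) .*\bprivilege (\d+)\s*$")


def parse(config):
    """Extract the enforcement flag, privilege grants and local users."""
    enforced, grants, users = False, [], {}
    for line in config.splitlines():
        line = line.strip()
        if line == "aaa authorization command LOCAL":
            enforced = True  # without this, custom levels are not enforced
        elif m := PRIV_RE.match(line):
            kind, level, mode, cmd = m.groups()
            grants.append((int(level), kind or "all", mode or "any", cmd))
        elif m := USER_RE.match(line):
            users[m.group(1)] = int(m.group(2))
    return enforced, grants, users


def audit(config, allowed):
    """Return (enforced, {user: [(type, command), ...] outside the allow-list})."""
    enforced, grants, users = parse(config)
    findings = {}
    for user, level in users.items():
        if level >= 15:  # full administrators are out of scope
            continue
        # A user can run every command placed at or below their own level.
        reachable = {(k, c) for lvl, k, _m, c in grants if lvl <= level}
        extra = sorted(reachable - allowed)
        if extra:
            findings[user] = extra
    return enforced, findings
```

The allow-list is a set of `(type, command)` pairs; an `access-list` entry in it still covers every access list, which is the limitation the answer above describes.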
05-22-2014 02:26 PM
Thanks, Marvin, that is very helpful. Thank you for taking the time to answer.