cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
1027
Views
0
Helpful
2
Replies
Michael Cole
Beginner

What privilege level is required...

We are looking to possibly delegate setting up AnyConnect to our Helpdesk (limited to ASDM, adding Apple UDIDs to a Access Policy.)  The question I have is what privilege level should be assigned that will allow them to add the UDID and limit (as much as possible) other changes?

1 ACCEPTED SOLUTION

Accepted Solutions
Marvin Rhoads
VIP Community Legend

You will need to define local command authorization at custom privilege level at a level between 1-15 and assign the necessary commands to it (e.g Access-list, Configure, cmd in your example). Then assign your Helpdesk usernames that privilege level.

I don't believe you can restrict which access-lists they can edit - that's outside the scope of what you can do with ASDM (or the cli). you'd have to move to CSM or an external portal with more role-based access control tools built-in to get that granular.

See this section of the ASDM Configuration Guide for details.

View solution in original post

2 REPLIES 2
Marvin Rhoads
VIP Community Legend

You will need to define local command authorization at custom privilege level at a level between 1-15 and assign the necessary commands to it (e.g Access-list, Configure, cmd in your example). Then assign your Helpdesk usernames that privilege level.

I don't believe you can restrict which access-lists they can edit - that's outside the scope of what you can do with ASDM (or the cli). you'd have to move to CSM or an external portal with more role-based access control tools built-in to get that granular.

See this section of the ASDM Configuration Guide for details.

View solution in original post

Thanks, Marvin, that is very helpful.  Thank you for taking the time to answer.smiley

Create
Recognize Your Peers
Content for Community-Ad