[c-nsp] user privilege question cisco asa
dalton
daltons at panix.com
Sun Aug 28 02:41:09 EDT 2011
Hi,
I have an asa 5510 with a bunch of local users for vpn. What I am looking to do is to allow one of these users, lets say bob, to create users as well as reset user passwords, but nothing
else. I have read through some docs, and I think I get it, but just want to confirm before implementing on a live ASA.
i create a privilege group with the relevant commands assigned to it. Something like:
privilege cmd level 12 mode configure command username
privilege clear level 12 mode configure command username
then create a user assigned to this priv level
username bob password asdasdsa privilege 12
Is this correct? Will this configuration allow user bob, to create users as well as clear them? Or am I missing something?
I also don't want to do anything that will effect the current operations of asa, as it is live and in production (i.e. lock myself out or some such).
Thanks in advance for any help.
Regards,
Dalton
More information about the cisco-nsp
mailing list