Re: [fw-wiz] ASA 8.0(4) -- Privilege Level to Create Users



Hey Todd--

Yes, there is. However, by giving the permission to someone to add/modify
users, they can modify their own privilege level. So this is sort of a
security through obscurity thing.

Try this:

privilege cmd level 5 mode exec command configure
privilege show level 5 mode configure command username
privilege cmd level 5 mode configure command configure
privilege cmd level 5 mode configure command username
privilege clear level 5 mode configure command username
privilege clear level 5 mode configure command configure

username jradmin password my-pass privilege 5

On Fri, Jan 16, 2009 at 8:35 AM, Todd Simons <tsimons@xxxxxxxxxxxxxxx> wrote:

Hello All



We have an ASA hosting connections for our Avaya VPN enabled IP phones. I
need to give access to a junior admin to create local user accounts on the
ASA. Is there a privilege level, or a custom level that I can build to
allow these commands to be entered by the jr admin without giving him access
to the whole ASA config:



username <username> password <password>
username <username> attributes
vpn-group-policy <GrpPolicyName>
service-type remote-access



Thanks,

~Todd

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
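An added example, not part of the original thread: a small audit over ASA configuration text that finds the level at which `username` becomes reachable and lists the local accounts at or above that level but below 15, which, as the reply notes, can raise their own privilege. The `helpdesk` and `fulladmin` accounts, the `audit` function name, and the treatment of commands without a `privilege` line as level 15 are assumptions made for the example.

```python
import re

# Constructed sample: the privilege lines and jradmin are from the post;
# the helpdesk and fulladmin accounts are made up for illustration.
SAMPLE_CONFIG = """\
privilege cmd level 5 mode exec command configure
privilege show level 5 mode configure command username
privilege cmd level 5 mode configure command configure
privilege cmd level 5 mode configure command username
privilege clear level 5 mode configure command username
privilege clear level 5 mode configure command configure
username jradmin password my-pass privilege 5
username helpdesk password example-pass privilege 3
username fulladmin password example-pass privilege 15
"""

PRIV_RE = re.compile(
    r"^privilege\s+(show|clear|cmd)\s+level\s+(\d+)\s+mode\s+(\S+)\s+command\s+(\S+)\s*$")
USER_RE = re.compile(r"^username\s+(\S+)\s.*\bprivilege\s+(\d+)\s*$")
FULL_ADMIN = 15

def audit(config_text):
    """Return (level needed to edit users, [(user, level)] able to self-escalate)."""
    cmd_level = {}  # (mode, command) -> level of the 'cmd' form; last line wins
    users = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = PRIV_RE.match(line)
        if m:
            if m.group(1) == "cmd":
                cmd_level[(m.group(3), m.group(4))] = int(m.group(2))
            continue
        m = USER_RE.match(line)
        if m:
            users.append((m.group(1), int(m.group(2))))
    # Editing users needs 'configure' from exec mode and 'username' in configure
    # mode. Assumption: a command with no privilege line stays at level 15.
    needed = max(cmd_level.get(("exec", "configure"), FULL_ADMIN),
                 cmd_level.get(("configure", "username"), FULL_ADMIN))
    flagged = [(u, lvl) for u, lvl in users if needed <= lvl < FULL_ADMIN]
    return needed, flagged

if __name__ == "__main__":
    needed, flagged = audit(SAMPLE_CONFIG)
    print(f"'username' is reachable from privilege level {needed}")
    for user, lvl in flagged:
        print(f"{user}: level {lvl} on paper, but can set any account's privilege")
```

Every account it reports should be reviewed as if it held level 15.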

