Re: [fw-wiz] ASA 8.0(4) -- Privilege Level to Create Users



Hey Todd--

Yes, there is. However, by giving the permission to someone to add/modify
users, they can modify their own privilege level. So this is sort of a
security through obscurity thing.

Try this:

privilege cmd level 5 mode exec command configure
privilege show level 5 mode configure command username
privilege cmd level 5 mode configure command configure
privilege cmd level 5 mode configure command username
privilege clear level 5 mode configure command username
privilege clear level 5 mode configure command configure

username jradmin password my-pass privilege 5

On Fri, Jan 16, 2009 at 8:35 AM, Todd Simons <tsimons@xxxxxxxxxxxxxxx>wrote:

Hello All



We have an ASA hosting connections for our Avaya VPN enabled IP phones. I
need to give access to a junior admin to create local user accounts on the
ASA. Is there a privilege level, or a custom level that I can build to
allow these commands to be entered by the jr admin without giving him access
to the whole ASA config:



username <username> password <password>

username <username> attributes

vpn-group-policy <GrpPolicyName>

service-type remote-access



Thanks,

~Todd

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards