Firewall Wizards mailing list archives
Re: ASA 8.0(4) -- Privilege Level to Create Users
From: "Todd Simons" <tsimons () delphi-tech com>
Date: Mon, 19 Jan 2009 14:49:38 -0500
Thanks Chris- This works, and is a temporary workaround (until I can get AAA in). ...the jr admin knows we will be watching and auditing!! ~Todd From: firewall-wizards-bounces () listserv icsalabs com [mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of Christopher J. Wargaski Sent: Friday, January 16, 2009 11:19 AM To: Firewall Wizards Security Mailing List Cc: Todd Simons Subject: Re: [fw-wiz] ASA 8.0(4) -- Privilege Level to Create Users Hey Todd-- Yes, there is. However, by giving the permission to someone to add/modify users, they can modify their own privilege level. So this is sort of a security through obscurity thing. Try this: privilege cmd level 5 mode exec command configure privilege show level 5 mode configure command username privilege cmd level 5 mode configure command configure privilege cmd level 5 mode configure command username privilege clear level 5 mode configure command username privilege clear level 5 mode configure command configure username jradmin password my-pass privilege 5 On Fri, Jan 16, 2009 at 8:35 AM, Todd Simons <tsimons () delphi-tech com> wrote: Hello All We have an ASA hosting connections for our Avaya VPN enabled IP phones. I need to give access to a junior admin to create local user accounts on the ASA. Is there a privilege level, or a custom level that I can build to allow these commands to be entered by the jr admin without giving him access to the whole ASA config: username <username> password <password> username <username> attributes vpn-group-policy <GrpPolicyName> service-type remote-access Thanks, ~Todd ## Scanned by Delphi Technology, Inc. ##
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- ASA 8.0(4) -- Privilege Level to Create Users Todd Simons (Jan 16)
- Re: ASA 8.0(4) -- Privilege Level to Create Users Christopher J. Wargaski (Jan 16)
- Re: ASA 8.0(4) -- Privilege Level to Create Users Todd Simons (Jan 26)
- Re: ASA 8.0(4) -- Privilege Level to Create Users Christopher J. Wargaski (Jan 16)