Firewall Wizards mailing list archives

Re: ASA 8.0(4) -- Privilege Level to Create Users


From: "Todd Simons" <tsimons () delphi-tech com>
Date: Mon, 19 Jan 2009 14:49:38 -0500

Thanks Chris-

This works, and is a temporary workaround (until I can get AAA in).
...the jr admin knows we will be watching and auditing!!

~Todd

From: firewall-wizards-bounces () listserv icsalabs com
[mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of
Christopher J. Wargaski
Sent: Friday, January 16, 2009 11:19 AM
To: Firewall Wizards Security Mailing List
Cc: Todd Simons
Subject: Re: [fw-wiz] ASA 8.0(4) -- Privilege Level to Create Users

Hey Todd--

Yes, there is. However, by giving the permission to someone to
add/modify users, they can modify their own privilege level. So this is
sort of a security through obscurity thing.

Try this:

privilege cmd level 5 mode exec command configure
privilege show level 5 mode configure command username
privilege cmd level 5 mode configure command configure
privilege cmd level 5 mode configure command username
privilege clear level 5 mode configure command username
privilege clear level 5 mode configure command configure

username jradmin password my-pass privilege 5

On Fri, Jan 16, 2009 at 8:35 AM, Todd Simons <tsimons () delphi-tech com>
wrote:

Hello All

We have an ASA hosting connections for our Avaya VPN enabled IP phones.
I need to give access to a junior admin to create local user accounts on
the ASA. Is there a privilege level, or a custom level that I can
build to allow these commands to be entered by the jr admin without
giving him access to the whole ASA config:

username <username> password <password>
username <username> attributes
 vpn-group-policy <GrpPolicyName>
 service-type remote-access

Thanks,

~Todd
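
The caveat in Chris's reply, that a level allowed to run `username` can change its own privilege, can be checked against a saved configuration. The script below is an added example, not part of the original thread: it reads only the `privilege` and `username` line shapes shown above, assumes commands without a `privilege` line stay at level 15, and the `admin` user line in the sample is constructed.

```python
import re

# Constructed sample: privilege lines and jradmin are from the thread;
# the "admin" line is added for contrast.
SAMPLE_CONFIG = """\
privilege cmd level 5 mode exec command configure
privilege show level 5 mode configure command username
privilege cmd level 5 mode configure command configure
privilege cmd level 5 mode configure command username
privilege clear level 5 mode configure command username
privilege clear level 5 mode configure command configure
username jradmin password my-pass privilege 5
username admin password other-pass privilege 15
"""

PRIV_RE = re.compile(r"^privilege (show|clear|cmd) level (\d+) mode (\S+) command (.+)$")
USER_RE = re.compile(r"^username (\S+) .*\bprivilege (\d+)")

def parse(config):
    """Return ({(form, mode, command): level}, {username: privilege})."""
    levels, users = {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := PRIV_RE.match(line):
            form, level, mode, cmd = m.groups()
            # Assumption: if a command is listed twice, the last line wins.
            levels[(form, mode, cmd.strip())] = int(level)
        elif m := USER_RE.match(line):
            # Users with no explicit privilege keyword are skipped.
            users[m.group(1)] = int(m.group(2))
    return levels, users

def self_escalation_risks(config, full_admin=15):
    """List non-admin users who can reach config mode AND run 'username'."""
    levels, users = parse(config)
    needed = [("cmd", "exec", "configure"), ("cmd", "configure", "username")]
    # Assumption: a command with no privilege line needs level 15.
    floor = max(levels.get(key, full_admin) for key in needed)
    return sorted(u for u, p in users.items() if floor <= p < full_admin)

if __name__ == "__main__":
    for user in self_escalation_risks(SAMPLE_CONFIG):
        print(f"{user}: can edit local users, including own privilege level")
```

Any account it lists is worth pairing with log review of local user changes until AAA replaces the workaround.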

 

 

