  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2717

Read-only ASDM access (Cisco PIX/ASA)

I need to grant some of our helpdesk users limited ASDM access. They need to be able to see the firewall rules, but not be able to make changes.

Granting read-only ASDM access only gives access to the home and monitoring "pages" and not the configuration.

I'd like to be able to create a user level (e.g. 5) that allows this, but I'm not sure how.
0
Asked by: jonhicks
2 Solutions
 
MikeKane Commented:
IIRC, you use local AAA authorization and the command:

username <username> password <the password> encrypted privilege 5

That should use the predefined user privileges for read only access to the ASDM.
0
 
MikeKane Commented:
And, BTW, Monitoring only access is privilege 3, not 5.
0
 
jonhicks (Author) Commented:
Ah, so there are pre-defined levels between 2 and 15? I thought you had to manually configure your own custom levels. I'll give this a go... thanks.
0

 
MikeKane Commented:
FYI:


Predefined User Account Command Privilege Setup

This pane asks whether you want the security appliance to set up user profiles named Admin, Read Only, and Monitor Only. You get to this pane by clicking Restore Predefined user Account Privileges on the Authorization tab of the Authentication/Authorization/Accounting pane.
0
 
jonhicks (Author) Commented:
Cheers. The solution was on the AAA Access / Authorization page, as per http://www9.cisco.com/en/US/docs/security/asa/asa80/asdm60/user/guide/devaccss.html#wp1286594.


Assigning Privilege Levels to Commands and Enabling Authorization

To assign a command to a new privilege level, and enable authorization, follow these steps:

Step 1   To enable command authorization, go to Configuration > Device Management > Users/AAA > AAA Access > Authorization, and check the Enable authorization for command access > Enable check box.

Step 2   From the Server Group drop-down list, choose LOCAL.

Step 3   When you enable local command authorization, you have the option of manually assigning privilege levels to individual commands or groups of commands or enabling the predefined user account privileges.

  • To use predefined user account privileges, click Set ASDM Defined User Roles.

    The ASDM Defined User Roles Setup dialog box shows the commands and their levels. Click Yes to use the predefined user account privileges: Admin (privilege level 15, with full access to all CLI commands); Read Only (privilege level 5, with read-only access); and Monitor Only (privilege level 3, with access to the Monitoring section only).

Level 3 = monitoring, Level 5 = read-only, Level 15 = admin.
0
 
jonhicks (Author) Commented:
See the Cisco user guide for a complete explanation.
0
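
Added example (not part of the original thread and not Cisco's code): a small Python audit that reads a saved running-config excerpt, checks that local command authorization from Steps 1 and 2 is present, and maps each local user to the predefined roles quoted above (3, 5, 15). The sample config, user names and placeholder hashes are constructed, and the default level of 2 for a username line without a "privilege" keyword is an assumption.

```python
# Added example: audit an ASA running-config excerpt against the roles in the thread.
ASDM_ROLES = {3: "Monitor Only", 5: "Read Only", 15: "Admin"}  # levels from the quoted guide
DEFAULT_LEVEL = 2  # assumption: level used when a username line has no "privilege" keyword

# Constructed sample input (placeholder hashes, hypothetical user names).
SAMPLE_CONFIG = """\
aaa authentication http console LOCAL
aaa authorization command LOCAL
username admin password AAAAAAAAAAAAAAAA encrypted privilege 15
username helpdesk1 password BBBBBBBBBBBBBBBB encrypted privilege 5
username noc1 password CCCCCCCCCCCCCCCC encrypted privilege 3
username temp1 password DDDDDDDDDDDDDDDD encrypted
username helpdesk1 attributes
"""


def parse_users(config):
    """Map each local user name to its privilege level."""
    users = {}
    for line in config.splitlines():
        tok = line.split()
        # Skip non-user lines and "username X attributes" sub-mode headers.
        if len(tok) < 3 or tok[0] != "username" or tok[2] == "attributes":
            continue
        level = DEFAULT_LEVEL
        if tok[-2] == "privilege" and tok[-1].isdigit():
            level = int(tok[-1])
        users[tok[1]] = level
    return users


def audit(config):
    """Return (command_authorization_enabled, users, findings)."""
    lines = [l.strip() for l in config.splitlines()]
    authz = "aaa authorization command LOCAL" in lines
    users = parse_users(config)
    findings = []
    if not authz:
        findings.append("local command authorization is not enabled (Steps 1 and 2)")
    for name, level in sorted(users.items()):
        if level not in ASDM_ROLES:
            findings.append(f"{name}: level {level} is not a predefined ASDM role")
        elif level == 15:
            findings.append(f"{name}: Admin (level 15), confirm full access is intended")
    return authz, users, findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG)[2]:
        print(finding)
```
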