• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 578
  • Last Modified:

Creation of Cisco IOS user ID with restricted command access

I would like to create a new user for a Cisco 1142 AP with restricted command access.

The user should only be able to edit access-list 700, and not have access to any other

Could anyone please help me with the config I need to create this new user?

Thanks in advance.
2 Solutions
What you're asking for is command authorization.  Basically you create a user ID with a "level" attached to it.  Default privilege levels are 0, 1 and 15, but you can define anything in between.  Level 0 is extremely limited, Level 1 a little more , and level 15 is full authorization.  You enable the desired configuration commands for that particular level, and when the user is authorized at that level, he's able to execute those commands but not others.   My recollection is command authorization in IOS is not local, and it requires a back-end TACACS server for specifying the type of commands and the commands themselves.  I don't recall seeing a clear, concise example on CCO, and while I suspect it probably works on wireless platforms, I'm not positive about that.  I'll see if I have anything in my archives as an example.
you can use parser view, you create a user and assign it to a group with specific rights. http://ccietobe.blogspot.com/2008/12/parser-view.html 
SuncoreAuthor Commented:
Thankyou, just the information and commands I was looking for.

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now