Hi,
I have ASA 7.0 (6) and ASDM 5.0, I have to create an user with read only access (Privilege level 5).
When trying to login with this user, it gives error that few commands need to be sent to the device, if I cancel that dialog box (not to send to device) then it gives message that there will be no access to configuration page on ASDM.. But when I click on send ( send commands to device) then I see the dialog box with the commands being sent to the device but at the end it says command authorization failed (due to read only access).
Please let me know in case any other info is required and help me in resolving this.
Thanks.
You can find solution on link below. Disregard ACS parts, it works for local authentication and authorization also:
https://supportforums.cisco.com/thread/217750
"Currently, logging in with a user of privilege 15, navigate to Configuration > Device Administration > AAA Access > Authorization. There is a button "Predefined User Account Privilege". If you select this and apply this, it will set a series of commands to a lower privilege based on what ASDM needs to authorize that user for either Read Only or Monitor Only access.
Then you would need to create a new user account with privilege 5 access so that ASDM is read only, or create a new user with privilege 3 for monitor-only access."
Regards!