Read Only Privilege ASDM 7.5

I have a user/password set up and set to level 5 under user accounts.
When I log in it seems it has level 15 access.
I see postings where they show to go into AAA Access, Authorization, enable - Set ASDM Defined User Roles.
My main concern is affecting my LOCAL "admin" account and not having rights to correct it after this wizard runs.
(Aside from not committing to startup-config)

My authentication is LOCAL only with an admin account named admin. The Set ASDM Defined roles specifically says it will set up user profiles, one being named admin.
Would this wipe my existing admin account and password?

Maybe I should clone another admin account with a different username.
I basically do not want an automated setup to wipe out my predefined profiles/passwords.
The level 5 user just needs to be able to run show commands, and in the ASDM see the hourly stats (top 10) and traffic overview.

Or is there a list of CLI commands I could apply to set this user level 5 up without letting the ASA apply multiple changes?
I do not have physical access to this ASA. (EU)


I added

privilege show level 3 mode exec command logging
privilege show level 3 mode exec command blocks

and can now load the asdm level 3.

Now I just need the commands to show the dashboard interface stats, top 10 etc...

Not an easy one. Suggest you clear the log buffer, then do a normal login using ASDM. Then examine the log buffer to find all the commands executed by ASDM. They will appear as %ASA-#-111008 or 111009 followed by the username and command. It will be a long and ugly list - expect about 60 or more commands depending on the ASA version.

Then it will be possible to adjust the commands required to be available to priv level 3 using the process already begun.

ASDM was not intended to be used in this way, so there is no direct way to achieve this requirement.

FYI - it's possible to provide different authentication and authorisation methods based on the access method. So for example SSH or telnet access can be kept as is with local authentication while HTTP (ASDM) can be tested with these changes. Keep an active telnet or SSH session up while testing ASDM changes. Within ASDM there is an option under preferences to preview commands prior to sending, providing another point to stop and think about what's about to happen! This should reduce the chances of becoming locked out of config mode. But expect that a couple of reboots might be required before the process is successfully completed.
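
The log-review step described in the answer above can be scripted; the following is an added example, not part of the original thread. The user name `monitor`, the sample log lines and the exact 111008/111009 message layout are assumptions, and only `show` commands are turned into lines of the `privilege show level 3 mode exec command ...` form already used in the question, while everything else is left for manual review.

```python
import re

# Constructed sample log buffer; the 111008/111009 line layout is an assumption.
SAMPLE_LOG = """\
%ASA-5-111008: User 'monitor' executed the 'show version' command.
%ASA-7-111009: User 'monitor' executed cmd: show blocks
%ASA-7-111009: User 'monitor' executed cmd: show logging asdm
%ASA-5-111008: User 'monitor' executed the 'show interface ip brief' command.
%ASA-7-111009: User 'monitor' executed cmd: show blocks
%ASA-5-111008: User 'monitor' executed the 'perfmon interval 10' command.
%ASA-6-605005: Login permitted from 192.0.2.10/50000 to inside:192.0.2.1/https for user "monitor"
%ASA-7-111009: User 'admin' executed cmd: show running-config
"""

LINE_RE = re.compile(
    r"%ASA-\d-(?:111008: User '?(?P<u1>[^' ]+)'? executed the '(?P<c1>.+)' command\.?"
    r"|111009: User '?(?P<u2>[^' ]+)'? executed cmd: (?P<c2>.+))"
)

def commands_for_user(log_text, user):
    """Return the unique commands `user` ran, in first-seen order."""
    seen = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # any other syslog ID is ignored
        who = m.group("u1") or m.group("u2")
        cmd = (m.group("c1") or m.group("c2")).strip()
        if who == user and cmd not in seen:
            seen.append(cmd)
    return seen

def privilege_lines(commands, level=3):
    """Split commands into generated 'privilege show' lines and a review list."""
    grants, review = [], []
    for cmd in commands:
        words = cmd.split()
        if len(words) >= 2 and words[0] == "show":
            line = f"privilege show level {level} mode exec command {words[1]}"
            if line not in grants:
                grants.append(line)
        else:
            review.append(cmd)  # not a show command: decide by hand
    return grants, review

if __name__ == "__main__":
    grants, review = privilege_lines(commands_for_user(SAMPLE_LOG, "monitor"))
    print("\n".join(grants), "\n! review manually:", review)
```

Paste the generated lines from the SSH or telnet session that is being kept open, so the existing admin login stays available if an ASDM test login fails.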

PostQAuthor Commented:
Rebooting is not an issue as we have different work hours. I also like the suggestion that we need multiple authentication methods.
