It can be hard to find information about user rights on a Cisco ASA device.
Start the ASDM of the Cisco ASA.
Click on the Configuration button.
Go to Device Management
Click on the + sign for Users/AAA
Click on AAA Access > Configure the type of access (I chose LOCAL)
Click on Authorization
Enable Server group (LOCAL)
Set the ASDM Defined User Roles.
Enable "Perform authorization for exec shell access" and set it to Local Server
Go to User Accounts and click on Add
Create a new user.
Give the user a username and a password.
Go to Access Restriction. You can now choose which privilege level the user gets.
Select 5 (Read Only)
After this, click on OK and save the configuration of the ASA. The next time the user with the read-only rights logs on to the device, the user can only read the configuration and cannot change anything.
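After saving, it is worth confirming that the running configuration contains what these steps were meant to set. The following Python check is an added example, not part of the original post: it reads a saved copy of the running-config and reports missing LOCAL command/exec authorization and any account that should be read-only but sits above privilege level 5. The sample configuration, the user names and the function names are constructed for illustration.

```python
READ_ONLY_LEVEL = 5   # level the article selects for read-only users
DEFAULT_LEVEL = 2     # ASA default when a username line carries no "privilege" keyword

# Constructed running-config excerpt (not taken from a real device).
SAMPLE_CONFIG = """\
aaa authentication http console LOCAL
aaa authorization command LOCAL
aaa authorization exec LOCAL
username admin password PLACEHOLDER pbkdf2 privilege 15
username auditor password PLACEHOLDER pbkdf2 privilege 5
username monitor password PLACEHOLDER pbkdf2 privilege 15
username monitor attributes
 service-type admin
"""

def parse_users(config):
    """Return {username: privilege level} from 'username ...' lines."""
    users = {}
    for line in config.splitlines():
        tok = line.split()
        # Skip sub-mode headers such as 'username X attributes'.
        if len(tok) < 3 or tok[0] != "username" or tok[2] == "attributes":
            continue
        level = DEFAULT_LEVEL
        if "privilege" in tok[2:-1]:
            level = int(tok[tok.index("privilege", 2) + 1])
        users[tok[1]] = level
    return users

def audit(config, read_only_users):
    """List deviations from the read-only setup described in the article."""
    lines = {" ".join(l.split()) for l in config.splitlines()}
    findings = []
    if "aaa authorization command LOCAL" not in lines:
        findings.append("local command authorization is not enabled")
    if not any(l.startswith("aaa authorization exec ") for l in lines):
        findings.append("exec shell authorization is not enabled")
    users = parse_users(config)
    for name in read_only_users:
        if name not in users:
            findings.append(f"{name}: no local account found")
        elif users[name] > READ_ONLY_LEVEL:
            findings.append(
                f"{name}: privilege {users[name]} exceeds read-only level {READ_ONLY_LEVEL}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, ["auditor", "monitor"]):
        print(finding)
```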
Please can you tell me how I can uncheck the button ASDM set define user roles? It seems once I click on it, it won't go back!!
Have you tried to disable the option which uses this setting, save the change, and check if you can reset it this way?
I have done exactly what is described here for a read-only user, and for the most part it works, but the user seems to have a Reset button at the bottom of the screen? What exactly does this enable?
Hello Bert,
Do you mean the reset button in the ASDM while you configure these settings? If you press that button, the settings go back to the previous state. I haven’t noticed yet that a read-only user has this reset button. Maybe it’s by design of the ASDM that a read-only user has a reset button too. When I’m able to check it out I will.
Thanks, Fred. I just want to make sure the read-only user cannot reset or reboot an interface or worse the ASA itself.
You’re welcome. I agree that’s the worst thing that can happen.
In response to Bert Vabre’s question: the reset button undoes any pending changes to the firewall that have been set but not applied. So if you start editing a firewall rule, then say, oops, that’s not what I want, the reset button cancels those pending changes. -John