Viewing local command privilege levels, Configuring commands on the tacacs+ server – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 37 Configuring Management Access

Configuring AAA for System Administrators

Viewing Local Command Privilege Levels

The following commands let you view privilege levels for commands.

Examples

For the show running-config all privilege all command, the ASA displays the current assignment of
each CLI command to a privilege level. The following is sample output from this command:

hostname(config)# show running-config all privilege all
privilege show level 15 command aaa
privilege clear level 15 command aaa
privilege configure level 15 command aaa
privilege show level 15 command aaa-server
privilege clear level 15 command aaa-server
privilege configure level 15 command aaa-server
privilege show level 15 command access-group
privilege clear level 15 command access-group
privilege configure level 15 command access-group
privilege show level 15 command access-list
privilege clear level 15 command access-list
privilege configure level 15 command access-list
privilege show level 15 command activation-key
privilege configure level 15 command activation-key
....

The following example displays the command assignments for privilege level 10:

hostname(config)# show running-config privilege level 10
privilege show level 10 command aaa

The following example displays the command assignments for the access-list command:

hostname(config)# show running-config privilege command access-list
privilege show level 15 command access-list
privilege clear level 15 command access-list
privilege configure level 15 command access-list
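
The following Python script is an added example, not part of the Cisco guide. It parses output in the line format shown above so that a reviewer can list commands assigned below level 15 and commands whose show, clear and configure forms sit at different levels. The function names are hypothetical, the sample text is constructed, and the parser handles only the line form that appears on this page; anything else is returned as unparsed rather than dropped.

```python
import re
from collections import defaultdict

# Constructed sample in the page's output format; the level 5 and level 10 lines are made up.
SAMPLE = """\
hostname(config)# show running-config all privilege all
privilege show level 15 command aaa
privilege clear level 15 command aaa
privilege configure level 15 command aaa
privilege show level 5 command access-list
privilege clear level 15 command access-list
privilege configure level 10 command access-list
privilege show level 15 command activation-key
privilege configure level 15 command activation-key
"""

# Matches only the line form shown on this page: privilege <form> level <n> command <name>
LINE_RE = re.compile(r"^privilege\s+(show|clear|configure)\s+level\s+(\d+)\s+command\s+(\S.*)$")

def parse_privileges(text):
    """Return ({command: {form: level}}, [lines that did not parse])."""
    table, unparsed = defaultdict(dict), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m and 0 <= int(m.group(2)) <= 15:  # levels are integers from 0 to 15
            form, level, command = m.group(1), int(m.group(2)), m.group(3).strip()
            table[command][form] = level
        else:
            unparsed.append(line)  # prompts, banners, unknown forms: keep for review
    return dict(table), unparsed

def below_level(table, threshold=15):
    """(command, form, level) tuples assigned below the threshold, sorted."""
    return sorted((c, f, l) for c, forms in table.items()
                  for f, l in forms.items() if l < threshold)

def split_levels(table):
    """Commands whose show/clear/configure forms are at different levels."""
    return sorted(c for c, forms in table.items() if len(set(forms.values())) > 1)

if __name__ == "__main__":
    table, unparsed = parse_privileges(SAMPLE)
    for command, form, level in below_level(table):
        print(f"level {level:2d}: {form} {command}")
    print("mixed levels:", split_levels(table))
```
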

Configuring Commands on the TACACS+ Server

You can configure commands on a Cisco Secure Access Control Server (ACS) TACACS+ server as a
shared profile component, for a group, or for individual users. For third-party TACACS+ servers, see
your server documentation for more information about command authorization support.

See the following guidelines for configuring commands in Cisco Secure ACS Version 3.1; many of these
guidelines also apply to third-party servers:

The ASA sends the commands to be authorized as shell commands, so configure the commands on
the TACACS+ server as shell commands.

Command                                        Purpose
show running-config all privilege all          Shows all commands.
show running-config privilege level level      Shows commands for a specific level. The level is an integer between 0 and 15.
show running-config privilege command command  Shows the level of a specific command.
