Cisco ASA Series Cli Configuration Manual page 1018

Configuring AAA for System Administrators
Configuring Command Authorization
If you want to control access to commands, the ASA lets you configure command authorization, where
you can determine which commands that are available to a user. By default when you log in, you can
access user EXEC mode, which offers only minimal commands. When you enter the enable command
(or the login command when you use the local database), you can access privileged EXEC mode and
advanced commands, including configuration commands.
You can use one of two command authorization methods:
•
•
For more information about command authorization, see the
Authorization" section on page
This section includes the following topics:
•
•
•
•
Configuring Local Command Authorization
Local command authorization lets you assign commands to one of 16 privilege levels (0 to 15). By
default, each command is assigned either to privilege level 0 or 15. You can define each user to be at a
specific privilege level, and each user can enter any command at the assigned privilege level or below.
Cisco ASA Series CLI Configuration Guide
1-24
Local privilege levels
TACACS+ server privilege levels
Configuring Local Command Authorization, page 1-24
Viewing Local Command Privilege Levels, page 1-28
Configuring Commands on the TACACS+ Server, page 1-29
Configuring TACACS+ Command Authorization, page 1-30
1-16.
Chapter 1 Configuring Management Access
"Information About Command