37-23
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter37 Configuring Management Access
Configuring AAA for System Administrators
For more information about command authorization, see the “Information About Command
Authorization” section on page37-14.
This section includes the following topics:
Configuring Local Command Authorization, page37-23
Viewing Local Command Privilege Levels, page37-26
Configuring Commands on the TACACS+ Server, page 37-26
Configuring TACACS+ Command Authorization, page 37-29
Configuring Local Command Authorization
Local command authorization lets you assign commands to one of 16 privilege levels (0 to 15). By
default, each command is assigned either to privilege level 0 or 15. You can define each user to be at a
specific privilege level, and each user can enter any command at the assigned privilege level or below.
The ASA supports user privilege levels defined in the local database, a RADIUS server, or an LDAP
server (if you map LDAP attributes to RADIUS attributes. See the “Configuring LDAP Attribute Maps”
section on page 35-18.)