Cisco HOW-TO‎ > ‎

Setting Up Admin and Non-Admin users on an ASA

In some cases, it may be necessary to create users in the ASA's local user database. With the default ASA configuration any user is in the local user database has access to the ASA command line interface.  In order to prevent this, use the following configuration:
!Enabling authorization of exec commands
aaa authorization exec authentication-server
!Create the user jsmith and allow them admin access to the ASA.
username jsmith password 12345678 privilege 15
username jsmith attributes
 service-type admin
!Create the user mbrown and deny the user access to the ASA CLI.
username mbrown attributes
 service type remote-access