See the associated video here.
This example shows adding a user of ‘cisco’ at privilege level 3 with a password of ‘cisco’.
This example gives them access to the above commands, including config access to change the clock settings.
Without this, you cannot actually view contents of flash and nvram, the commands run, but provide no useful output.
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local
If the additional attributes are not added, it is possible your new user will be elevated to level 15.
Bear in mind that the enable secret will always allow users to move to privileged level 15, so do not provide the enable password to your reduced access users.
Watch the video for clear explanations about each command.