username cisco priv 3 secret cisco
This example adds a user named ‘cisco’ at privilege level 3 with the password ‘cisco’.
privilege exec level 3 show run
privilege exec level 3 show start
privilege exec level 3 show running-config view
privilege exec level 3 show running-config view full
privilege exec level 3 more system:running-config
privilege exec level 3 show conf
privilege exec level 3 configure terminal
privilege configure all level 3 clock
This gives level 3 users access to the commands above, including config access to change the clock settings.
file privilege 3
Without this, you cannot actually view the contents of flash and nvram; the commands run but provide no useful output.
If your config uses no aaa new-model, the above will work without further changes. Otherwise, add:
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
aaa authorization exec default local
If these additional lines are not added, it is possible your new user will be elevated to level 15.
Bear in mind that the enable secret will always allow users to move to privileged level 15, so do not give reduced-access users the enable password.
Watch the video for clear explanations about each command.
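To check a saved config for the two pitfalls described above (missing AAA lines under aaa new-model, and a missing file privilege line), here is an added example in Python; it is not part of the original page or of any Cisco tooling. The function name, the sample config and the assumed default file privilege of 15 are illustrative assumptions, and lines are matched exactly as they are written on this page.

```python
import re

# The four AAA lines the page lists for configs that use "aaa new-model".
REQUIRED_AAA = (
    "aaa authentication login default local",
    "aaa authentication enable default enable",
    "aaa authorization console",
    "aaa authorization exec default local",
)

def audit_privilege_config(config_text):
    """Return findings for reduced-privilege local users in an IOS config."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    findings = []

    # Local users below level 15; "priv" is accepted as short for "privilege".
    users = {}
    for ln in lines:
        m = re.match(r"username (\S+) priv\w* (\d+)\b", ln)
        if m and int(m.group(2)) < 15:
            users[m.group(1)] = int(m.group(2))

    # Exact match, so "no aaa new-model" does not count as enabled.
    if users and "aaa new-model" in lines:
        for req in REQUIRED_AAA:
            if req not in lines:
                findings.append(f"missing '{req}': user may be elevated to level 15")

    # Assumed default file privilege is 15; above the user's level, show output is empty.
    file_priv = 15
    for ln in lines:
        m = re.match(r"file privilege (\d+)$", ln)
        if m:
            file_priv = int(m.group(1))
    for name, level in sorted(users.items()):
        if file_priv > level:
            findings.append(f"user '{name}' (level {level}): file privilege is {file_priv}")
    return findings

# Constructed sample: aaa new-model on, exec authorization and file privilege left out.
SAMPLE = """
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
aaa authorization console
username cisco priv 3 secret cisco
privilege exec level 3 show run
"""

print(*audit_privilege_config(SAMPLE), sep="\n")
```
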