I have a Cisco ASA with multiple context. I am trying to deny the use of the command "changeto context system", but allow authorized group to be able to change to any of the other context. When user types in the command they get denied.
I have entered "authorizedgroup <readonly group> permit service=shell cmd=changeto cmd-arg="context <other context name>" "authorizedgroup <readonly group> deny service=shell cmd=changeto cmd-arg="context system" "authorizedgroup <readonly group> deny .*"
_______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator