How can I configure an ASA such that I can use a sub-priviledge 15 user to download the current config from http?

cisco cisco-asa aaa

Solution 1:

Your AAA command is aaa authentication http console [your LDAP server group]

As far as the privilege level for that URL, it should just use the show run authorization level which you can change with privilege show level 1 mode exec command running-config but you might try turning on debug aaa authorization if that doesn't work.

By default only a few commands are set to level 0 and the rest are level 15

Remember that privilege level 2+ are enable-mode privileges and that you may need to put your user at level 2 or higher in order to get the HTTPS server to allow them to login.

FWIW I tested this on my ASA with 8.2 code and was unable to get this to work with a user under level 15 even with show run set to privilege level 2. I usually see configuration management accomplished with a command-line solution like Rancid

Related

Adding ssh key results in "Connection closed by "
How to disable version 1 and version 2c in snmpd?
Excessive Outbound DNS Traffic
How do I optimize TCP stack for HTTP server?
Options for PCI-DSS on AWS - file integrity monitoring and intrusion detection
Deploy an AWS Auto Scaling groups using Chef Server
Can I re-use IP address of a failed Domain Controller for a new Domain Controller
How to not move permissions on fileserver file move
maintenance/installation of ruby gems/ruby on rails on Linux in general and Gentoo
Can I buy an IP address range without buying from or becoming a member of my regional NIC?
Best way to backup MySQL database server running in Hyper-V
How to index MySQL from ElasticSearch