How can I configure an ASA such that I can use a sub-privilege 15 user to download the current config from http?
Solution 1:
Your AAA command is
    aaa authentication http console [your LDAP server group]
As far as the privilege level for that URL, it should just use the show run authorization level, which you can change with
    privilege show level 1 mode exec command running-config
but you might try turning on
    debug aaa authorization
if that doesn't work.
By default only a few commands are set to level 0 and the rest are level 15.
Remember that privilege levels 2+ are enable-mode privileges and that you may need to put your user at level 2 or higher in order to get the HTTPS server to allow them to log in.
FWIW I tested this on my ASA with 8.2 code and was unable to get this to work with a user under level 15 even with show run set to privilege level 2. I usually see configuration management accomplished with a command-line solution like Rancid.