This is a snippet for the Cisco PIX firewall that creates a 'limited user' account on the firewall itself. That user has access to all 'show' diagnostic commands, and can also clear the error/usage counters on interfaces and ping other devices.
This configuration does the following things:
aaa-server LOCAL protocol local
aaa authentication enable console LOCAL
aaa authorization command LOCAL
username enable_15 password [PUT YOUR ENABLE PASSWORD HERE] privilege 15
username show password [PUT YOUR SHOW PASSWORD HERE] privilege 5
privilege show level 5 command aaa
privilege show level 5 command aaa-server
privilege show level 5 command access-group
privilege show level 5 command access-list
privilege show level 5 command activation-key
privilege show level 5 command age
privilege show level 5 command alias
privilege show level 5 command apply
privilege show level 5 command arp
privilege show level 5 command auth-prompt
privilege show level 5 command auto-update
privilege show level 5 command banner
privilege show level 5 command blocks
privilege show level 5 command ca
privilege show level 5 command capture
privilege show level 5 command chunkstat
privilege show level 5 command clock
privilege show level 5 command conduit
privilege show level 5 command conn
privilege show level 5 command console
privilege show level 5 command cpu
privilege show level 5 command Crashinfo
privilege show level 5 command crypto
privilege show level 5 command ctiqbe
privilege show level 5 command debug
privilege show level 5 command dhcpd
privilege show level 5 command dhcprelay
privilege show level 5 command domain-name
privilege show level 5 command dynamic-map
privilege show level 5 command eeprom
privilege show level 5 command established
privilege show level 5 command failover
privilege show level 5 command filter
privilege show level 5 command fixup
privilege show level 5 command flashfs
privilege show level 5 command fragment
privilege show level 5 command global
privilege show level 5 command h225
privilege show level 5 command h245
privilege show level 5 command h323-ras
privilege show level 5 command http
privilege show level 5 command icmp
privilege show level 5 command interface
privilege show level 5 command ip
privilege show level 5 command ipsec
privilege show level 5 command isakmp
privilege show level 5 command local-host
privilege show level 5 command mac-list
privilege show level 5 command map
privilege show level 5 command memory
privilege show level 5 command mgcp
privilege show level 5 command management-access
privilege show level 5 command mroute
privilege show level 5 command mtu
privilege show level 5 command multicast
privilege show level 5 command name
privilege show level 5 command nameif
privilege show level 5 command names
privilege show level 5 command nat
privilege show level 5 command ntp
privilege show level 5 command object-group
privilege show level 5 command outbound
privilege show level 5 command passwd
privilege show level 5 command pdm
privilege show level 5 command prefix-list
privilege show level 5 command privilege
privilege show level 5 command processes
privilege show level 5 command rip
privilege show level 5 command route
privilege show level 5 command route-map
privilege show level 5 command router
privilege show level 5 command routing
privilege show level 5 command running-config
privilege show level 5 command service
privilege show level 5 command shun
privilege show level 5 command sip
privilege show level 5 command skinny
privilege show level 5 command snmp-server
privilege show level 5 command ssh
privilege show level 5 command startup-config
privilege show level 5 command static
privilege show level 5 command sysopt
privilege show level 5 command tcpstat
privilege show level 5 command tech-support
privilege show level 5 command telnet
privilege show level 5 command terminal
privilege show level 5 command tftp-server
privilege show level 5 command timeout
privilege show level 5 command traffic
privilege show level 5 command uauth
privilege show level 5 command url-cache
privilege show level 5 command url-block
privilege show level 5 command url-server
privilege show level 5 command username
privilege show level 5 command virtual
privilege show level 5 command vpdn
privilege show level 5 command vpnclient
privilege show level 5 command vpngroup
privilege show level 5 command who
privilege show level 5 command xlate
privilege configure level 5 command ping
privilege clear level 5 command interface
privilege configure level 5 command disable
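
An added example, not part of the original snippet: a Python review script that parses `username` and `privilege` lines written in the form used above and lists, for each non-administrator account, the grants worth a second look before deployment. The `REVIEW_SHOW` set, the reason labels and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the same form as the snippet above (placeholder passwords).
SAMPLE = """\
username enable_15 password [PLACEHOLDER] privilege 15
username show password [PLACEHOLDER] privilege 5
privilege show level 5 command interface
privilege show level 5 command running-config
privilege show level 5 command username
privilege show level 5 command xlate
privilege configure level 5 command ping
privilege clear level 5 command interface
privilege configure level 5 command disable
"""

# Assumption (review policy, not from the page): show targets whose output can
# carry password hashes, community strings or the whole configuration.
REVIEW_SHOW = {"running-config", "startup-config", "tech-support",
               "username", "passwd", "snmp-server"}

USER_RE = re.compile(r"^username\s+(\S+)\s+password\s+.+\s+privilege\s+(\d+)$")
PRIV_RE = re.compile(r"^privilege\s+(show|clear|configure)\s+level\s+(\d+)\s+command\s+(\S+)$")

def parse(config):
    """Return ({user: level}, {level: {(mode, command), ...}})."""
    users, grants = {}, defaultdict(set)
    for line in config.splitlines():
        line = line.strip()
        if m := USER_RE.match(line):
            users[m.group(1)] = int(m.group(2))
        elif m := PRIV_RE.match(line):
            grants[int(m.group(2))].add((m.group(1), m.group(3).lower()))
    return users, grants

def audit(config, admin_level=15):
    """List (user, mode, command, reason) entries a reviewer should sign off on."""
    users, grants = parse(config)
    findings = []
    for user, level in sorted(users.items()):
        if level >= admin_level:
            continue  # full administrators are out of scope for this review
        # A user can run every command assigned to their level or any lower one.
        reachable = set().union(*(g for lvl, g in grants.items() if lvl <= level))
        for mode, cmd in sorted(reachable):
            if mode != "show":
                findings.append((user, mode, cmd, "non-show grant"))
            elif cmd in REVIEW_SHOW:
                findings.append((user, mode, cmd, "output may expose secrets"))
    return findings
```

Calling `audit()` on the full configuration text returns one tuple per grant to review; an empty list means every level-5 grant is a `show` command outside the review set.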