Example IOS and XE

Network Diagnose & Troubleshoot

    Local AAA on IOS and XE:

service password-encryption ===> encrypts all pwds
!         
privilege exec all level 5 show ====> sets show commands in exec (#) privileges to level 5
! 
! 
username admin privilege 15 password admin
username L1 privilege 5 password L1
username L2 privilege 10 password L2
username L3 privilege 15 password L3
!
aaa new-model    ===> enables AAA
!
!
aaa authentication login default local       ====> enables user authentication during login using local database.
aaa authorization console                    ====> authorizes authenticated user to use console line
aaa authorization exec default local         ====> authorizes authenticated user to access exec mode
aaa authorization commands 5 default local   ====> authorizes authenticated user to use exec commands based on assigned privileges.
aaa authorization commands 10 default local  ====> authorizes authenticated user to use exec commands based on assigned privileges.
aaa authorization commands 15 default local  ====> authorizes authenticated user to use exec commands based on assigned privileges.
!
!
line con 0
login authentication default     ======> use local database for authentication
authorization exec default       ======> authorize authenticated local users to access exec mode
!
line vty 0 4
login authentication default     ======> use local database for authentication
authorization exec default       ======> authorize authenticated local users to access exec mode
!


for show run on any user level (only for local):
show run view full

note: rest all show commands work. Show run command have default privilege of 15. even after reconfigured to different, privilege level doesn't change. check show run view full for verification.