Local AAA on IOS and XE:
service password-encryption ===> encrypts all pwds
!
privilege exec all level 5 show ====> sets show commands in exec (#) privileges to level 5
!
!
username admin privilege 15 password admin
username L1 privilege 5 password L1
username L2 privilege 10 password L2
username L3 privilege 15 password L3
!
aaa new-model ===> enables AAA
!
!
aaa authentication login default local ====> enables user authentication during login using local database.
aaa authorization console ====> authorizes authenticated user to use console line
aaa authorization exec default local ====> authorizes authenticated user to access exec mode
aaa authorization commands 5 default local ====> authorizes authenticated user to use exec commands based on assigned privileges.
aaa authorization commands 10 default local ====> authorizes authenticated user to use exec commands based on assigned privileges.
aaa authorization commands 15 default local ====> authorizes authenticated user to use exec commands based on assigned privileges.
!
!
line con 0
login authentication default ======> use local database for authentication
authorization exec default ======> authorize authenticated local users to access exec mode
!
line vty 0 4
login authentication default ======> use local database for authentication
authorization exec default ======> authorize authenticated local users to access exec mode
!
for show run on any user level (only for local):
show run view full
note: rest all show commands work. Show run command have default privilege of 15. even after reconfigured to different, privilege level doesn't change. check show run view full for verification.