You can create multiple local user accounts and assign appropriate privileges to restrict access to configuration of the appliance and analysis of data.
A user role specifies the privileges that are granted to a user. With local authentication, you can create user roles for the web UI or for the API only via the CLI.
The table in the resource doc., with URL added at the end of this article, indicates the privileges available in each role.
Release : 2..x.x.x > 188.8.131.52
The "ReadOnly" user account, in Symantec CAS, will be able to view only outputs for services, in the running config. See the snippets below.
Other "show" output sub-commands available to the "ReadOnly" CAS user account include the below. See the highlighted portion in the snippetbelow.
Note: With the "ReadOnly" role, the user does not have access to the predominantly privilege- & configuration-mode commands. This user will have access only to the "Enable mode, with very limited commands, as already shown in the snippet above. The READ-ONLY user account, by design, does not have access to the cas# show running-config interface CLI command.
For the full details on the user roles in Symantec CAS, please refer to the resource doc. with URL below.