What are the various ISG operations that a user having Ready-write and Ready-only rights can perform?

ISG supports three levels of authorization or privileges:

1. Read-write: Allows users to log in to the CLI and execute all commands in all modes.
2. Read-only: Allows users to log in to the CLI and execute the following commands in standard mode:
   help
   ping
   show
   traceroute
   exit
3. None: Allows users to log in to the CLI, but the only available command for those users is exit. Users only have this privilege level if they are not a member of a user group or they are a member of a group that does not have read-write or read-only privileges assigned to it.

Users have the ability to allocate privileges to specific user groups. These privileges can then be assigned to individual users by adding them to the relevant groups. Privileges are global and take effect when the realm is active.
In the case of RADIUS realms, the ISG appliance relies on authentication responses from the RADIUS server to obtain the list of user groups within the realm. As a result, when assigning privileges to user groups, the appliance cannot verify their existence beforehand.

About the Enable Mode Password
Admin only configures one password for enable mode and it is shared among all users that have read-write privilege.