What privilege level is required...

We are looking to possibly delegate setting up AnyConnect to our Helpdesk (limited to ASDM, adding Apple UDIDs to an Access Policy). The question I have is what privilege level should be assigned that will allow them to add the UDID and limit (as much as possible) other changes?

You will need to define local command authorization at custom privilege level at a level between 1-15 and assign the necessary commands to it (e.g Access-list, Configure, cmd in your example). Then assign your Helpdesk usernames that privilege level.
I don't believe you can restrict which access-lists they can edit - that's outside the scope of what you can do with ASDM (or the CLI). You'd have to move to CSM or an external portal with more role-based access control tools built-in to get that granular.
See this section of the ASDM Configuration Guide for details.

Similar Messages

  • Default Privilege Level for ASA users authenticated by Radius or TACACS when using ASDM

    Hello,
    I'm trying to figure out what the default privilege level is for users that are authenticated to the ASA via a remote authentication server when using the ASDM.
    the command "aaa authentication http console TACACS+ LOCAL" is used in the ASA config.
    The remote server is NOT setting any privilege levels for users.  There are also no aaa authorization commands present in the config.
    So what privilege level do the users receive when they login with the ASDM?  I'm being told that the users receive admin access which includes config write, reboot, and debug.  But I cannot find any documentation stating the default level.
    Please advise.  And providing links to cisco documentation would be great too.
    Thanks,
    Brendan

    Hi Brendan,
    Hope the below excerpt from the document clarifies your query. Also, I have provided the link to refer to.
    About Authorization
    Authorization controls access per user after users authenticate. You can configure the security appliance to authorize the following items:
    •Management commands
    •Network access
    •VPN access
    Authorization controls the services and commands available to each authenticated user. Were you not to enable authorization, authentication alone would provide the same access to services for all authenticated users.
    If you need the control that authorization provides, you can configure a broad authentication rule, and then have a detailed authorization configuration. For example, you authenticate inside users who attempt to access any server on the outside network and then limit the outside servers that a particular user can access using authorization.
    The security appliance caches the first 16 authorization requests per user, so if the user accesses the same services during the current authentication session, the security appliance does not resend the request to the authorization server.
    http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/asdm60/user/guide/usrguide/aaasetup.html
    Regards
    Karthik

  • What privileges or role is required for user to acces the explain plan?

    Hi mates,
    Can anyone pls tell me what privileges or roles (grants) are required for a user to access the explain plan in ORACLE 8i 8174..
    I think the select any dictionary is not valid for explain plan accessibility in 8i.
    Cheers.

    I already had that... Just that a user (not a dba) requires access to the explain plan and I don't want to grant him a dba role.
    Are you aware of any other grant I can give to the user?

  • What privileges are required to create XMLIndex in somebody else's schema?

    Hi,
    I'm logged in as "system as sysdba" and trying to create an XMLIndex in another schema called "eventschema". The command fails with "ORA-01031: insufficient privileges". How come I can create a relational index in eventschema, but not an XMLIndex? What privilege does system or eventschema need? I granted UNLIMITED_TABLESPACE to eventschema already, but that did not solve the problem.
    SQL> show user
    USER is "SYS"
    SQL> describe eventschema.event;
    Name                                      Null?    Type
    EVENT_ID                                  NOT NULL NUMBER(20)
    EVENT_UUID                                         VARCHAR2(50)
    RECORDTIME                                         TIMESTAMP(9)
    EVENTTIME                                          TIMESTAMP(9)
    EVENTXMLTEXT                              NOT NULL XMLTYPE STORAGE BINARY
    PARENTID                                           VARCHAR2(100)
    DOCUMENT_ID                               NOT NULL NUMBER(20)
    SQL> CREATE INDEX eventschema.idx ON eventschema.event(parentid);
    Index created.
    SQL> CREATE INDEX EVENTSCHEMA.eventXml1 ON EVENTSCHEMA.EVENT (EVENTXMLTEXT)
    INDEXTYPE IS XDB.XMLIndex
    PARAMETERS (
    'XMLTable eventXmlTable ''/ObjectEvent''
        COLUMNS action VARCHAR(15) PATH ''action''
    ');  2    3    4    5    6 
    CREATE INDEX EVENTSCHEMA.eventXml1 ON EVENTSCHEMA.EVENT (EVENTXMLTEXT)
    ERROR at line 1:
    ORA-29958: fatal error occurred in the execution of ODCIINDEXCREATE routine
    ORA-01031: insufficient privileges
    BANNER
    Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
    PL/SQL Release 11.2.0.1.0 - Production
    CORE    11.2.0.1.0      Production
    TNS for Linux: Version 11.2.0.1.0 - Production
    NLSRTL Version 11.2.0.1.0 - Production
    Any help is appreciated!
    Thanks!
    -- Daniela

    Are you really really sure... because the following works with the XMLTAB xmltype table still in place in the DANIELLA schema...
    SQL> connect daniella/daniella
    Connected.
    SQL> select segment_name, segment_type, tablespace_name from user_segments;
    SEGMENT_NAME                                       SEGMENT_TYPE    TABLESPACE_NAME
    XMLTAB                                             TABLE           USERS
    EVENTXMLTABLE                                      TABLE           SYSTEM
    TABLESPACE_QUOTA_TEST                              TABLE           SYSTEM
    SYS_IL0000020443C00003$$                           LOBINDEX        USERS
    SYS_C007115                                        INDEX           USERS
    SYS20491_20492_OID_IDX                             INDEX           SYSTEM
    SYS20491_20492_RID_IDX                             INDEX           SYSTEM
    SYS_LOB0000020443C00003$$                          LOBSEGMENT      USERS
    8 rows selected.
    SQL> drop index eventXml1 force;
    Index dropped.
    SQL> connect / as sysdba
    Connected.
    SQL> CREATE INDEX daniella.eventXml1 ON daniella.xmltab(object_value)
      2   INDEXTYPE IS XDB.XMLIndex
      3   PARAMETERS
      4   ('XMLTable eventXmlTable (TABLESPACE USERS)
      5     ''/ObjectEvent''
      6     COLUMNS
      7        action VARCHAR(15) PATH ''action''
      8   ');
    Index created.
    SQL>  select segment_name, segment_type, tablespace_name from dba_segments where owner='DANIELLA';
    SEGMENT_NAME                                       SEGMENT_TYPE    TABLESPACE_NAME
    XMLTAB                                             TABLE           USERS
    EVENTXMLTABLE                                      TABLE           USERS
    TABLESPACE_QUOTA_TEST                              TABLE           SYSTEM
    SYS_IL0000020443C00003$$                           LOBINDEX        USERS
    SYS_C007115                                        INDEX           USERS
    SYS20495_20496_OID_IDX                             INDEX           USERS
    SYS20495_20496_RID_IDX                             INDEX           USERS
    SYS_LOB0000020443C00003$$                          LOBSEGMENT      USERS
    8 rows selected.
    SQL> drop index daniella.eventXml1 force;
    Index dropped.
    SQL>  select segment_name, segment_type, tablespace_name from dba_segments where owner='DANIELLA';
    SEGMENT_NAME                                       SEGMENT_TYPE    TABLESPACE_NAME
    XMLTAB                                             TABLE           USERS
    TABLESPACE_QUOTA_TEST                              TABLE           SYSTEM
    SYS_IL0000020443C00003$$                           LOBINDEX        USERS
    SYS_C007115                                        INDEX           USERS
    SYS_LOB0000020443C00003$$                          LOBSEGMENT      USERS
    SQL> alter session set current_schema = daniella;
    Session altered.
    SQL> CREATE INDEX eventXml1 ON xmltab(object_value)
      2   INDEXTYPE IS XDB.XMLIndex
      3   PARAMETERS
      4   ('XMLTable eventXmlTable
      5     ''/ObjectEvent''
      6     COLUMNS
      7        action VARCHAR(15) PATH ''action''
      8   ');
    Index created.
    SQL> select segment_name, segment_type, tablespace_name from dba_segments where owner='DANIELLA';
    SEGMENT_NAME                                       SEGMENT_TYPE    TABLESPACE_NAME
    XMLTAB                                             TABLE           USERS
    EVENTXMLTABLE                                      TABLE           SYSTEM
    TABLESPACE_QUOTA_TEST                              TABLE           SYSTEM
    SYS_IL0000020443C00003$$                           LOBINDEX        USERS
    SYS_C007115                                        INDEX           USERS
    SYS20499_20500_OID_IDX                             INDEX           SYSTEM
    SYS20499_20500_RID_IDX                             INDEX           SYSTEM
    SYS_LOB0000020443C00003$$                          LOBSEGMENT      USERS
    8 rows selected.
    Edited by: Marco Gralike on Jul 15, 2011 10:47 PM

  • Create a privilege level that only allows access to show commands

    Hi,
    I would like to create a privilege level that would only give access to the show commands for certain users. What would be the best way to do this?
    Would I have to use the privilege mode level level command for every available show command or is there a more efficient way of doing this?
    In addition, could we manage such a privilege level from a Radius Server.
    Thanks for your help
    Stéphane

    Well, I think the best way to achieve this is to use TACACS with command authorization feature.
    Configuration on the tacacs server ( only for show commands, read only access)
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml#scenario2
    These commands are required on an IOS router or switch in order to implement command authorization through an ACS server:
        aaa new-model
        aaa authorization config-commands
        aaa authorization commands 0 default group tacacs+ local
        aaa authorization commands 1 default group tacacs+ local
        aaa authorization commands 15 default group tacacs+ local
        tacacs-server host 10.1.1.1
        tacacs-server key cisco123
    These commands are required on ASA/PIX/FWSM in order to implement command authorization through an ACS server:
        aaa-server authserver protocol tacacs+
        aaa-server authserver host 10.1.1.1
        aaa authorization command authserver
    However, if you strictly want to use radius server then please try the below listed attribute for a single user or group.
    Service-Type = NAS Prompt
    http://www.ietf.org/assignments/radius-types/radius-types.xml#radius-types-4
    This might not work for ASDM.
    HTH
    Regards,
    Jatin
    Do rate helpful posts-

  • Privilege level with ACS

    I am trying to configure a group of users to get read only access onto our equipment (switches and routers) and specifically show run or show start. I set the command set to permit those 2 commands and I created a rule for that group but it does work as desired.
    any ideas?  Thank you.

    There are a couple of ways that you can accomplish what you are looking to do.  What you need to remember is that when showing the running-config you can only see what you have authorization to configure so just allowing a RO user to execute the show run command isn't going to show them much.
    One thing you could do is to lower the privilege level required to run the "show configuration" command.  The command is "privilege exec level 1 show configuration" and would need to be applied to all your devices.  This would allow privilege level 1 users to view the startup-config but not the running-config.
    Since you are running ACS another solution would be to create a rule to permit these RO users to login and actually authorize at level 15 which by default allows one to configure everything (remember to be able see it in the running-config you must be authorized to configure it).  Then create a limited command set that only allows the commands they need to use.
    Hope this helps,
    Greg

  • What are the settings required for QM in procurement

    Hi Team,
    What are the settings required for QM in procurement. I have  set indicator for QM in procurement in QM view in material master.
    I am not clear about  following fields to be maintained in QM view.
    QM Control Key
    Certificate type
    Target QM system
    Tech. delivery terms Indicator.
    Please suggest me in which case to be used this fields. Is it relevant to Quality Certificates.
    Thanks

    Hi,
    All meaning are
    QM Control Key :
    If you activate the indicator for QM in procurement in the material master record at the client level, you must also store a control key at the plant level for quality management in procurement.
    Certificate type :
    Certificate types applies to the Certificate processing in procurement  &  Certificate creation
    Target QM system :
    whether the vendor's verified QM system, according to vendor master record or quality info-record (for a combination of vendor/material) meets the requirements for QM systems as specified in the material master
    -  If you activate the indicator for QM in procurement in the material master record at the client level, you must also store a control key at the plant level for quality management in procurement. If you want Procurement control then accordingly define Control Key.
    -  If you want Vendor's particular certificate for Material then you have to define Certificate type.
    Also, you have to maintain Material, Vendor's Info record at plant level.
    Thanks,
    JM

  • What are the network requirements with respect to latency in Forms?

    Our company is a global provider of online sourcing, procurement and collaboration solutions and services to Engineering, Procurement and Construction (EPC) projects and companies.
    We operate three Internet trading portals with 1000+ buyers & supplier companies around the world.
    The application is:
    - based on Forms 9.0.2
    - use SUN J2SE 1.4.2_0X on the client side
    - runs on the public Internet using SSL
    - hosted in Norway
    Some companies report bad response times and the users claim that our application runs slow. The application does not run slowly, it is very responsive - however it requires a good network connection. Upon request from our customer base I need to know what the requirements are for the network in order to achieve an acceptable user experience?:
    - Maximum latency
    - Minimum bandwidth
    What where the design requirements Oracle set forth when developing Forms?
    There can be a lot of "latency" generating network equipment in the path between the user and our server farm: switches, routers, proxy servers, caching servers, firewalls, packet shapers, QoS, etc. One customer has all of these goodies and our users in that company do not have fun with the Forms application! However, they do not believe that there is something wrong with the network because normal HTML based sites work OK!
    In order to help these customers I need (URGENTLY) to know what the network requirements are?

    It's difficult to answer since the limits on latency will be governed by the user expectation....
    For example, a financial trading application which has fast data entry may see a latency of .7 second as not acceptable but this would be fine for an HR application.
    The thing is that a user action, such as navigation between fields, will generate a round trip to the application server to check for triggers (regardless if there is a trigger to fire or not). It's this behaviour that gives Forms its very rich productive interface.
    To compare with HTML is not reasonable since HTML can't do all these things like instant validation, master-detail coordination, scrolling etc that Forms can do...
    It's like complaining that your Sports car uses more petrol than your 50cc moped!!! ;o) It uses more petrol because it's doing so much more.... Ok, I digress but you get the idea.
    Forms will require a certain level of network performance. The figures for that performance will depend on user expectation/scenarios, the type of application and the way it is written (a badly written Forms application can still run slow even on a fast network).
    Using network tools you can work out the latency (ping) from client to server. If this result comes out a figure which is not acceptable then no amount of tweaking of Forms will get it to run faster...You either need to upgrade the network to improve this; or change the style of application (e.g. to an HTML application) which will only ping the server on a POST/GET request but you lose a huge amount of functionality...and you need to ask your end users if they can live with that.
    Hope that helps.
    Grant Ronald
    Forms Product Management

  • What are the minimum requirements to successfully Synchronize a SharePoint 2010 Calendar or Task List with Outlook 2010?

    What are the minimum requirements to successfully Synchronize a SharePoint 2010 Calendar or Task List with Outlook 2010?
    SharePoint permission levels required for the user profile?
    Does the user need top level permissions on the SharePoint site?
    What other minimum requirements must be met for Outlook 2010 to synchronize successfully with SharePoint 2010?
    TheDrape

    Hi,
    To synchronize these libraries and lists, you must have Outlook 2010 installed on your client computer and you must have Collaborate permission to the library or list.
    You don’t need any permissions for the user profile.
    I provide you a link about synchronizing SharePoint 2010 content with Outlook 2010 for your reference:
    http://office.microsoft.com/en-us/sharepoint-foundation-help/synchronize-sharepoint-2010-content-with-outlook-2010-HA101881295.aspx
    Thanks,
    Rock Wang
    Rock Wang TechNet Community Support

  • What all the prerequisites required for Combined Delivery &Invoice Process

    Dear Guru's
    Can you please educate me what all the prerequisites required for Combined Delivery Process(VL10A / VL10C) and Combined Invoice Process?
    Regards,
    Varma

    Hi ,
    For combined delivery you have to make some settings
    In the customer master XD01/VD01 in the shipping tab you have to check the ORDER COMBINATION  in the SHIPPING TAB
    In the COPY CONTROLS from Order to Delivery in VTAL at the Header you have to maintain the COMBINATION REQUIREMENT  as 051
    And also the data like
    INCO TERMS,
    SHIP TO PARTY
    DELIVERY DATE
    ROUTE
    SHIPPING POINT
    should be same for all the Orders
    To combine the Deliveries into Invoice
    you have to maintain the copy controls from DELIVERY TO BILLING in VTFL at the item level as 003
    And also certain data like
    PAYMENT TERMS
    PAYER
    BILLING DATE
    ACTUAL GI DATE
    INCO TERMS
    should be same for all the deliveries
    Please revert if you need any more
    regards,
    santosh

  • Aaa radius server control privilege level

    I've got radius authentication working on my switch, but I'm trying to allow two types of users to login using Windows Active Directory: NetworkUsers who can view configuration and NetworkAdmins who can do anything. I would like for NetworkAdmins, when they login, to go directly into privilege level 15 but can't get that part to work. Here is my setup:
    Windows 2008 R2 Domain controller with NPS installed.
    Radius client: I have the IP of the switch along with the key. I have cisco selected under the vendor name in the advance tab
    Network Policies:
    NetworkAdmins, which has the networkadmin group under conditions, and under settings I have nothing listed under Standard and for Vendor Specific I have:
    Cisco-AV-Pair    Cisco    shell:priv-lvl=15
    My switch config:
    aaa new-model
    aaa group server radius MTFAAA
     server name dc-01
     server name dc-02
    aaa authentication login NetworkAdmins group MTFAAA local
    aaa authorization exec NetworkAdmins group MTFAAA local
    radius server dc-01
     address ipv4 10.0.1.10 auth-port 1645 acct-port 1646
     key 7 ******
    radius server dc-02
     address ipv4 10.0.1.11 auth-port 1645 acct-port 1646
     key 7 ******
    No matter what I do it doesn't default to privilege level 15 when I login. Any thoughts?

    Have you specified the authorization exec group under line vty? I think it is authorization exec command. Something like that.

  • Privilege level 15 to ASA cli administrator via Radius

    Hello Friends!
    Is this supported yet on the ASA?  I want to be able to have radius assign privilege levels to firewall cli administrators.
    Upon login, I'd like them to immediately be placed into "enabled mode" (without needing to know the local enable password).  I believe we can set the maximum privilege level the user can attain.  But for now, I simply want to have everyone go into priv level 15 without having to know the shared enable secret password.  Switching to tacacs isn't an option.
    I remember finding out a while back that this was not possible.  Please tell me this is now possible.  It's almost 2013.

    Thanks Marcin!
    Very interesting.  Now that you mention it, I do remember seeing someone use the login command after they had already logged in.  That's what they must have been doing.  I wonder what the thought process was in developing it this way.
    I suppose a few different ways around this are (since not everyone will know of this odd behavior and I'm not the only one logging in) to configure radius to authenticate users and then either:
    1.  Configure a MOTD banner that says "ATTENTION:  Type the command 'login', followed by your regular credentials AGAIN to be put into enable mode."
    or
    2.  Configure a MOTD banner that says "ATTENTION:  To gain enable mode privileges, type the command 'enable', followed by the password cisco.".
    Horrible idea?  Thoughts?
    // example of the second 'login' command working:
    ssh [email protected]
    [email protected]'s password:
    Warning!
    Warning!
    Type help or '?' for a list of available commands.
    fw1> ?
      clear       Reset functions
      enable      Turn on privileged commands
      exit        Exit from the EXEC
      help        Interactive help for commands
      login       Log in as a particular user
      logout      Exit from the EXEC
      no          Negate a command or set its defaults
      ping        Send echo messages
      quit        Exit from the EXEC
      show        Show running system information
      traceroute  Trace route to destination
    fw1> login
    Username: admin
    Password: *********
    fw1#
    fw1# sh run username
    username admin password encrypted privilege 15

  • Change in privilege level for the command show logging

    I have recently discovered a change in behavior in IOS. The command show logging has traditionally been available at user level. Now it has become a privilege level 15 command.
    I thought that this was strange and opened a case with Cisco TAC about it. I was told that this is a new "feature" that was implemented for bugid CSCsl61281. Unfortunately this bugid is viewable by Cisco internally but not viewable by the public.
    The TAC engineer tells me that this change is integrated into these releases:
    This was integrated into the following releases:
    12.4(24.05.01)PIX11
    12.4(21.14.09)PIC01
    12.4(19.03)T
    12.2(52.23)SIN
    12.2(33)SXI01
    12.2(32.08.11)SX229
    12.2(32.08.11)SR174
    I do not think that this is a good change. If you do not think that this is a good change I suggest that you contact your Cisco support team and express your opinion about this change.
    Otherwise as you go to new versions of IOS be aware of the potential impact on your network monitoring processes and procedures that show logging will require level 15 privilege access.
    HTH
    Rick

    Hi Rick,
    Can you suggest me references to know more about privilege level commands?
    How to enable different commands for different levels of privileges?
    Thanks.
    -Sudhish

  • Username with privilege level 15 bypass enable

    Hi experts,
    I guess I never really understand the authentication process on Cisco routers and devices lol. Anyway I want users with privilege level 15 to be put in the enable mode right away after login without having to type in "enable" command and enable password. Users with other privilege levels will still be put in the EXEC mode.
    AAA has to be enabled because I'm using it for 802.1x as well.
    The privilege level eventually will be assigned by Radius server but right now the user is created locally on the switch. Right now I have:
    aaa new-model
    username admin privilege 15 secret 5 $1$2bdl$VIp53G4/zpo4f9aHh.t5v0
    username cisco secret 5 $1$NGdD$ehTUzwappJFMxgA7tM/YW.
    line vty 0 5
     access-class 100 in
     exec-timeout 30 0
     logging synchronous
     transport input ssh
    And it's not working lol. No matter I log in with "admin" or "cisco" I'm put in EXEC mode... What do I have to do to achieve this?
    Thanks!

    Hi,
    With the default keyword, authorization will get applied on all the lines, i.e. CONSOLE, VTY, AUX.
    In case you want it for users who are trying to login via ssh or telnet use the following:
    EXEC AUTHORIZATION
    Router
    router(config)#aaa authorization exec TEL group radius local
    router(config)#line vty 0 15
    router(config-line)#authorization exec TEL
    ACS
    Interface configuration
    Check  user & group for cisco av-pair.
    User setup → cisco ios/pix 6.x radius attributes → cisco av-pair [ shell:priv-lvl=15]
    OR
    Group setup → ios/pix 6.x radius attributes → shell:priv-lvl=15
    In case of radius if exec authorization is enabled  and if have not specified any privilege level in the ACS server. Then user will fall under the privilege level 1 and if enable authentication is enabled  or enable password is defined  on the router then we can go to enable mode by typing en or en
    Regards,
    Anisha
    P.S.: please mark this thread as resolved if you think your query is answered.
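
A check for the gap both RADIUS threads above run into, as an added example (not code from any poster or from Cisco): a `shell:priv-lvl=15` attribute is only honoured when exec authorization runs on the VTY line, and a named method list has no effect until the line references it. The parser assumes `show running-config` style indentation, and the sample configurations are constructed from the list names used in the threads.

```python
import re

# Constructed sample: the named lists from the RADIUS thread, on a switch whose
# VTY block never references them (indentation as in 'show running-config').
SAMPLE_BROKEN = """\
aaa new-model
aaa group server radius MTFAAA
 server name dc-01
 server name dc-02
!
aaa authentication login NetworkAdmins group MTFAAA local
aaa authorization exec NetworkAdmins group MTFAAA local
!
line vty 0 4
 transport input ssh
"""
# Same config with the two line-level references added under 'line vty 0 4'.
SAMPLE_FIXED = SAMPLE_BROKEN + (
    " login authentication NetworkAdmins\n"
    " authorization exec NetworkAdmins\n"
)

GLOBAL_PATTERNS = {
    "login": re.compile(r"^aaa authentication login (\S+)\s"),
    "exec": re.compile(r"^aaa authorization exec (\S+)\s"),
}
LINE_PATTERNS = {
    "login": re.compile(r"^\s+login authentication (\S+)"),
    "exec": re.compile(r"^\s+authorization exec (\S+)"),
}


def parse_method_lists(config):
    """Collect the AAA method list names defined globally, per kind."""
    lists = {"login": set(), "exec": set()}
    for line in config.splitlines():
        for kind, pattern in GLOBAL_PATTERNS.items():
            m = pattern.match(line)
            if m:
                lists[kind].add(m.group(1))
    return lists


def parse_vty_blocks(config):
    """Return [(header, {'login': name, 'exec': name})] for each 'line vty' block."""
    blocks, current = [], None
    for line in config.splitlines():
        if not line.startswith(" "):          # a new top-level command ends the block
            current = None
            if line.startswith("line vty"):
                current = {"login": None, "exec": None}
                blocks.append((line.strip(), current))
            continue
        if current is None:
            continue
        for kind, pattern in LINE_PATTERNS.items():
            m = pattern.match(line)
            if m:
                current[kind] = m.group(1)
    return blocks


def audit_vty(config):
    """Flag VTY blocks where named AAA lists are defined but not applied,
    or where the line references a list that is never defined."""
    lists = parse_method_lists(config)
    commands = {"login": "login authentication", "exec": "authorization exec"}
    findings = []
    for header, applied in parse_vty_blocks(config):
        for kind, cmd in commands.items():
            name = applied[kind]
            if name is None:
                # Only the 'default' list applies without a line-level reference.
                unused = sorted(lists[kind] - {"default"})
                if "default" not in lists[kind] and unused:
                    findings.append(
                        f"{header}: no '{cmd}' applied, named list(s) "
                        f"{unused} unused and no default list")
            elif name != "default" and name not in lists[kind]:
                findings.append(f"{header}: '{cmd} {name}' references an undefined list")
    return findings


if __name__ == "__main__":
    for label, cfg in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(label, audit_vty(cfg))
```
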

  • Enable aaa accounting commands for all privilege levels?

    Here is the command's syntax:
    aaa accounting {auth-proxy | system | network | exec | connection | commands level} {default | list-name} {start-stop | stop-only | none} [broadcast] group groupname
    The "command" accounting type must include the privilege level of the commands you are logging. How do I log ALL commands?
    Take the following example:
    aaa accounting commands 15 default start-stop group mygroup
    If I issue this command will that mean commands the user executes that have a privilege level lower than 15 will not be logged? Or only commands that require exactly privilege level 15 will be logged?
    How can I log all commands regardless of privilege level?

    Hi Red,
    If you customize the command privilege level using the privilege command, you can limit which commands the appliance accounts for by specifying a minimum privilege level. The security appliance does not account for commands that are below the minimum privilege level.
    The default privilege level is 0. So if you don't specify any privilege level then all should be accounted for.
    You can find the command detail at. This is for ASA though.
    http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/command/reference/cmd_ref/a1.html#wp1535253
    Regards,
    Kanwal
    Note: Please mark answers if they are helpful.
