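For odd IOS architectural reasons, you need full privilege level 15 to be able to run "show run".
The modern replacement for the various privilege levels is RBAC, or Role-Based Access Control. Here you define a separate view for each user, command by command. You can allow a user to run "show run", enter configuration mode and add new permit lines to an access list, but nothing more.
A benefit of RBAC is that the user also sees only the allowed commands, so when she types "?", the only commands shown to her are the ones the operator has previously allowed.
Example configuration: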
parser view arbitrary_name
 commands ipenacl include permit ip
 commands ipenacl include permit
 commands configure include ip access-list extended
 commands configure include ip access-list
 commands configure include ip
 commands exec include configure terminal
 commands exec include configure
 commands exec include all show running-config
 commands exec include show
!
username some_user view arbitrary_name secret poop
And how it looks:
bu.ip.fi#show ?
flash: display information about flash: file system
parser Display parser information
running-config Current operating configuration
bu.ip.fi#show running-config view full | i hostname
hostname bu.ip.fi
bu.ip.fi#configure ?
terminal Configure from the terminal
<cr>
bu.ip.fi#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
bu.ip.fi(config)#?
Configure commands:
do-exec To run exec commands in config mode
exit Exit from configure mode
ip Global IP configuration subcommands
bu.ip.fi(config)#ip ?
Global IP configuration subcommands:
access-list Named access-list
bu.ip.fi(config)#ip access-list extended foo
bu.ip.fi(config-ext-nacl)#?
Ext Access List configuration commands:
<1-2147483647> Sequence Number
exit Exit from access-list configuration mode
permit Specify packets to forward
bu.ip.fi(config-ext-nacl)#
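For reviewing views like the one above before they are deployed, here is an added example (not part of the original answer) that parses `parser view` stanzas from a saved configuration and lists the grants worth a second look. The names `parse_views` and `audit` and the three finding categories are assumptions made for this illustration; the sample input is the configuration from the answer, embedded as constructed text.

```python
import re

# Constructed sample: the view and user from the answer above, as lines of a saved config.
SAMPLE_CONFIG = """\
parser view arbitrary_name
 commands ipenacl include permit ip
 commands ipenacl include permit
 commands configure include ip access-list extended
 commands configure include ip access-list
 commands configure include ip
 commands exec include configure terminal
 commands exec include configure
 commands exec include all show running-config
 commands exec include show
!
username some_user view arbitrary_name secret poop
"""

# "commands <mode> <action> [all] <command>"; "all" is the wildcard for everything under <command>.
CMD_RE = re.compile(r"^commands\s+(\S+)\s+(include|include-exclusive|exclude)\s+(all\s+)?(.+)$")
USER_RE = re.compile(r"^username\s+(\S+)\s+.*?\bview\s+(\S+)")

def parse_views(config_text):
    views, users, current = {}, {}, None   # {view: [(mode, action, wildcard, cmd)]}, {user: view}
    for line in map(str.strip, config_text.splitlines()):
        cmd, user = CMD_RE.match(line), USER_RE.match(line)
        if line.startswith("parser view "):
            current = line.split()[2]
            views.setdefault(current, [])
        elif cmd and current:
            views[current].append((cmd[1], cmd[2], bool(cmd[3]), cmd[4]))
        elif not line.startswith("secret "):
            current = None                 # any other line ends the view stanza
            if user:
                users[user[1]] = user[2]
    return views, users

def audit(config_text):
    # Findings: wildcard grants, anything granted outside exec mode, users bound to missing views.
    views, users = parse_views(config_text)
    findings = []
    for name, grants in views.items():
        for mode, action, wildcard, cmd in grants:
            if action != "exclude" and wildcard:
                findings.append(f"{name}: wildcard grant in {mode}: {cmd}")
            elif action != "exclude" and mode != "exec":
                findings.append(f"{name}: config access in {mode}: {cmd}")
    findings += [f"user {u} bound to undefined view {v}"
                 for u, v in users.items() if v not in views]
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports the five grants in the `configure` and `ipenacl` modes plus the `all show running-config` wildcard, which is the complete write and read surface this view gives `some_user`.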