Hi Dave,
This is not my area of expertise but I did some poking around and found this which looks relevant:
Depending on the privilege level supplied by the TACACS+ server, the
login user is authorized as
a.) Super Admin (Perform all configuration and management tasks on ZD)
(priv-lvl > 2 ( 3 - 15 ) )
b.) Operator Admin (Configure services, but no Admin privilege on ZD, e.g. cannot change logins on ZD)
(priv-lvl = 2)
c.) Monitoring Admin (Monitoring and viewing operational status only)
(priv-lvl = 1)
----
Hope this helps.