I'm in the process of planning/deploying a large-scale AAA TACACS+ system. Due to the scale of the project, routers are administered by different NetAdmins. I would like to create users that could log into "their" routers with level 15 authorization, and other routers with a lower level.
The only way I see to do this is to have multiple TACACS+ servers, that is, one in each administrative domain with the appropriate level of access. As I have many administrative domains, this would double the TACACS server deployment.