Tacacs+ scenario: can i permit user to configure only for one interface and deny other

view full story

http://stackoverflow.com – I'm currently deploying tacacs+ with cisco device, i use tacacs server from here http://www.shrubbery.net/tac_plus/ my scenario is: i want to permit user to configure my router but only for specific interface, i.e to gigabitethernet0/0, after arrive at router(config-if)# that user can do whatever he want with that interface, but he can not change to other interface nor change configuration in router(config)#, so far my configuration in tac_plus.conf is like this #limited admin group = limitedadmin { default service = deny service = shell { priv-lvl = 15 } cmd = configure (HowTos)