[tac_plus] Certain Permissions on some IP's and wide open Permissions on other IP's for same user-group-acl

[dwnek at dollartree.com]

I would like to have two separate ACL's for one group. One ACL will allow a
network security group to run any command they want on switches they are
responsible for managing and the other ACL will only allow them to run some
show commands on any other network switch.  Is this possible?  Can I
configure one group in the tac_plus.cfg with two nested ACL's?  Please
provide a short config example.


Thank You, Derek