Yes you can do it by using Tacacs or Radius:

aaa new-model

aaa authentication login default group tacacs+ enable

aaa authorization exec default group tacacs+ none

You need to manually define all the commands for users in privilege level 7 using "privilege" commands.

For ex:

privilege interface level 7 shutdown

privilege configure level 7 interface

privilege exec level 7 conf t

privilege exec level 7 write memory

privilege exec level 7 reload

privilege exec level 7 show run

Then you need to configure Tacacs/Radius server to return privilege level 7:

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a008009465c.shtml

Zhenning