ACS 5.1 has a differnt policy based approach to assigning priveleges as opposed to ACS 4.x where these were stored
in either the user/group definitions.
Won't go into all the explanations on this. You have some good materials on the "Welcome" page in the GUI
Out the box, all TACACS+ requests get handled by the "Default Device Admin" policy
You can see the authorization results by going to: "Access Policies > Access Services > Default Device Admin > Authorization"
If you click on Defaltl to see the ersults for the default rule and then press "Create" you can now create a new set of TACACS+ attribute to be returned. Go to the "Custom Attributes" tab and you can the custom attributes.
This describes how to do it out the box. Thsi wil evolve as you build up your policies