Keep in mind though that "en" is a level 1 command, it has to be, otherwise you'd never be able to get out of level 1 into another level, right?
You've only set up authorization for level 5 commands, but this will still allow the user to do any level 1 commands (like "en" or even "quit").
You could move the enable command up to a level higher than level 5. Given that when you login as "admin" you'll go straight to level 15 access this would be OK, make sure you never remove that user though otherwise you'll never be able to get into "en" mode cause you won't have any users with the right privilege level to run it.
hi there since u are using local aaa. u have to specify the privilege levels and the commands the users are allowed to use. and since the level5 user is above level1 he will by default have access to all level 1 commands. to restrict the commands u can use a external acs. in which u can restrict each of the commands the user is trying to access. that will give u minute control.