
Skip enable password for local auth but not for TACACS

Yoas Flores Pineda
Cisco Employee

I have the following config:

aaa authentication login default group tacacs+ line

aaa authentication login NO_AUTHEN none

aaa authentication enable default group tacacs+ enable

aaa authorization console

aaa authorization config-commands

aaa authorization commands 0 default group tacacs+ if-authenticated 

aaa authorization commands 1 default group tacacs+ if-authenticated 

aaa authorization commands 15 default group tacacs+ if-authenticated 

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+

With these settings, all users (including the one used by Cisco Prime Network) are required to enter the enable password after logging in with their own credentials.

I'd like to have a setup where the Prime user is not required to enter the enable password.

I tried this, but all users access privileged mode immediately without enable.

aaa authentication login default group tacacs+ local

aaa authentication login CONSOLE local

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ local

1 Reply

Gagandeep Singh
Cisco Employee

When we have "exec authorization", it will bypass the enable mode even if you have configured enable authentication.

However, you can create a new method list just for the console. You need to call the method list in line con 0.

Please let me know if you have any further questions.

Regards

Gagan

rate if it helps!!!!
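The console method list described in the reply, written out as an added example (not configuration posted by either participant). The list name CONSOLE_EXEC is a placeholder, CONSOLE is reused from the question's second config, and the sketch assumes `aaa authorization console` is enabled as in the question's first config.

```cisco
! Default lists from the question's second attempt. Any line without a
! named list uses these, so exec authorization applies there and the
! session starts at whatever privilege level authorization returns.
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
!
! Exec authorization only reaches the console when this is configured
! (it is present in the question's first config).
aaa authorization console
!
! Named lists used only by the console.
! CONSOLE      : local login, as in the question.
! CONSOLE_EXEC : placeholder name; method "none" performs no exec
!                authorization, so a console session starts at the
!                line's own privilege level and still has to pass
!                "aaa authentication enable" to reach privileged mode.
aaa authentication login CONSOLE local
aaa authorization exec CONSOLE_EXEC none
!
! Call the named lists on the console line, as the reply says.
line con 0
 login authentication CONSOLE
 authorization exec CONSOLE_EXEC
```

Keep a working session open while applying AAA changes, and confirm from a second session that the console prompts for enable and that the default lists behave as intended before saving the configuration.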