Hi, I am having a problem with command authorization with ACS. I have the full version of ACS 3.3.
I have configured my router like this:
R1
aaa new-model
aaa authentication login default none
aaa authentication login john default group tacacs+
aaa authorization console
aaa authorization exec bob group tacacs+
aaa authorization commands 5 bob group tacacs+
aaa authorization commands 15 bob group tacacs+
line vty 0 4
login authentication john
authorization exec bob
authorization commands 5 bob
authorization commands 15 bob
On the ACS I have specified per-user shell command authorization and I have created 2 users,
john and bob.
john is configured with level 15,
unmatched commands are permitted with unmatched arguments.
bob is the level 5 user configured with:
unmatched commands (deny)
add command configure
arguments permit terminal
unmatched arguments (deny)
john gets authenticated and authorized properly.
bob gets authenticated and authorized properly as a level 5 user,
but he can't see the configure command in exec mode.
When he tries to execute the command configure,
in the debug I see:
av-user=bob
av-service=shell
av-cmd=connect
av-cmd-arg=configure
I tried the same with john:
av-user=john
av-service=shell
av-user=configure
av-cmd-arg=terminal
When the request is sent from the user john it shows service none privilege=15,
but for user bob it shows
service none privilege=1.
Why is the command showing as connect and the arg as configure for user bob? I have got no idea about this, and it is working fine for john. What could be the problem? Can anyone help me with this please? I have been working a lot on this to get it working.
sebastan
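The following is an added example, not code from the post above or from Cisco ACS. It models the per-user shell command authorization rules the post describes (john: unmatched commands and arguments permitted; bob: unmatched commands denied, `configure` permitted only with the argument `terminal`) and feeds it the av-pairs quoted from the debug output. The point it makes visible is that bob's request reaches the policy as command `connect` with argument `configure`, so the `configure` rule is never consulted and the unmatched-commands default (deny) is what decides. Names such as `CommandSet`, `authorize` and `parse_av_pairs` are assumptions for illustration; the request for john is constructed with `av-cmd=configure` (the post's line reads `av-user=configure`, which looks like a transcription slip), and the handling of a trailing `<cr>` argument is an assumption about how IOS reports the end of the command.

```python
"""Added example: a model of ACS-style per-user shell command authorization,
evaluated against the av-pairs shown in the post's debug output.
All names here are assumptions for illustration, not ACS or IOS code."""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class CommandRule:
    """One 'add command' entry: explicit permit/deny arguments plus the
    unmatched-arguments default for that command."""
    permit_args: List[str] = field(default_factory=list)
    deny_args: List[str] = field(default_factory=list)
    unmatched_args_permit: bool = False


@dataclass
class CommandSet:
    """A user's shell command authorization set."""
    unmatched_commands_permit: bool
    rules: Dict[str, CommandRule] = field(default_factory=dict)


# The two users as the post describes them (constructed from its text).
JOHN = CommandSet(unmatched_commands_permit=True)
BOB = CommandSet(
    unmatched_commands_permit=False,
    rules={"configure": CommandRule(permit_args=["terminal"],
                                    unmatched_args_permit=False)},
)
USERS = {"john": JOHN, "bob": BOB}


def authorize(cmdset: CommandSet, cmd: str, arg: str) -> bool:
    """Decide one command request the way the per-user set is described."""
    rule = cmdset.rules.get(cmd)
    if rule is None:
        # No 'add command' entry for this command: the unmatched-commands
        # default applies, and the argument is never looked at.
        return cmdset.unmatched_commands_permit
    if arg in rule.permit_args:
        return True
    if arg in rule.deny_args:
        return False
    return rule.unmatched_args_permit


def parse_av_pairs(debug: str) -> Dict[str, str]:
    """Pull av-user / av-service / av-cmd / av-cmd-arg out of debug lines.
    Several av-cmd-arg lines are joined with spaces; a trailing '<cr>'
    argument is dropped (assumption about the router's encoding)."""
    pairs: Dict[str, str] = {}
    args: List[str] = []
    for raw in debug.strip().splitlines():
        line = raw.strip()
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "av-cmd-arg":
            if value != "<cr>":
                args.append(value)
        else:
            pairs[key] = value
    pairs["av-cmd-arg"] = " ".join(args)
    return pairs


def authorize_debug(debug: str) -> bool:
    """Parse a debug block and authorize it against the named user's set."""
    pairs = parse_av_pairs(debug)
    if pairs.get("av-service") != "shell":
        raise ValueError("not a shell command authorization request")
    cmdset = USERS[pairs["av-user"]]
    return authorize(cmdset, pairs["av-cmd"], pairs["av-cmd-arg"])


# Constructed from the debug lines quoted in the post.
BOB_REQUEST = """
av-user=bob
av-service=shell
av-cmd=connect
av-cmd-arg=configure
"""

JOHN_REQUEST = """
av-user=john
av-service=shell
av-cmd=configure
av-cmd-arg=terminal
"""

if __name__ == "__main__":
    for name, req in (("bob", BOB_REQUEST), ("john", JOHN_REQUEST)):
        p = parse_av_pairs(req)
        verdict = "PERMIT" if authorize_debug(req) else "DENY"
        print(f"{name}: cmd={p['av-cmd']!r} arg={p['av-cmd-arg']!r} -> {verdict}")
```

The check this suggests is on the router side rather than in the ACS command set: the policy only sees the command as IOS parsed it. A first word that is not a recognized command at the session's current privilege level is treated by IOS as a host name for an implicit `connect`, and the post's own debug shows bob's exec session reported at privilege 1 rather than the expected 5, where `configure` is not an available command.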