my approach would be generating (up to 13) privelege-set(s) on the device & then bind corresponding privelege-level to either local user or radius or tacacs user (by returning specific privelege in AccessAccept for last 2). & then creation of the Device-instance corresponding to defined privilege-level by using corresponding user's creds in Device-settings for Terminal.
yes, it's painful, but i dont see anything else.
what is your approach if it's not a secret?

but from my pov lack of this feature in RADKit is serious weakness of this platform.

Hi Rana
thanks for input. any hints on scopes of Interactive, Exec, Upload & Download? Intuitively i ussume that Exec covers all exec mode commands, upload/download may be about "copy" command, etc but more details would give more help.
Thank u

thanks. i've just created external source with tacacs & tried to create device-template with use of "external_source: tacacs_1 & received validation error

sorry, i cannot copy text there as it's protected env.
what is the reason for this error & how to remediate?

Hey @Andrii Oliinyk ,

Can you open SR for RADKit support to take a proper look into this? The steps will be the normal case opening procedure with choosing RADKit as a technology after picking a license for any device added in RADKit inventory.

If you have problems with that, please feel free to inbox me the email that you use with Cisco.

can we try maybe 1st other way around? do you have an example of how to configure tacacs remote_source for device authentication? 

  external_source:
    # Optional reference to external source (default: null)
    name: external_source_name
    # Mandatory string
    params:
      key1: value1
      # Optional keys and values can use template stringsso far i did it like in 

so far i did it like in the docs except of that meaningless keyX pairs. so i'm trying to put only "name: radiator"
where radiator is a name of tacacs server i defined in External sources

1.8.8. i believe it's latest