Core issue
The Authentication, Authorization, and Accounting (AAA) clients fail to directly log into enable mode after authentication on an ASA.
Resolution
This issue occurs because the ASA does not understand the cisco-avpair = "shell:priv-lvl=15" attribute.
The ASA supports AAA Exec Authorization functionality starting from ASA version 8.0(2).The command aaa authorization exec authentication-server can be used to configure this feature.
ASA versions earlier to 8.0(2) does not support this functionality and so it cannot be configured with TACACS or RADIUS. The workaround is to manually switch from the user mode to the enable mode.