@Sander, You were in the right area. Policy->Results->Authorization->Authorization Profiles.Create AuthZ profile for Access-Accept and Under the Advanced Attributes Settings you can use:Cisco:cisco-av-pair = shell:priv-lvl=15or whatever privilege le...