Hi,
What is your "aaa" configuration?
The output of the following command should tell this
show run aaa
I am just wondering if you are using the configuration
aaa authentication enable console LOCAL
If you are using the "aaa" configurations only for the "http" , "telnet" and "ssh" and not "enable" then I guess no matter what ever "username" configuration you log in with then using the enable password will grant you full rights with regards to configurations.
If you had "aaa authentication enable console LOCAL" then I think the "privilege" set in the "username" configuration for the account sets the amount of commands you can use.
- Jouni