TACACS and SSL Visibility have different privilege scales. When implementing TACACS with SSL Visibility, roles and privileges are duplicated after 7.
The TACACS RFC uses a scale of 1 - 15 for privilege roles. SSL Visibility does not have 15 privilege roles; it offers only 7.
| TACACS Level | SSL Visibility Appliance Role |
|---|---|
| 1 | auditor + manage-appliance |
| 2 | auditor + manage-policy |
| 3 | auditor + manage-appliance + manage-policy |
| 4 | auditor + pki |
| 5 | auditor + manage-appliance + manage-pki |
| 6 | auditor + manage-policy + manage-pki |
| 7 | auditor + manage-appliance + manage-policy + manage-pki |
To map to the TACACS draft RFC, SSL Visibility duplicates roles and privileges after 7. Per the draft RFC for TACACS+:
"Privilege levels are ordered values from 0 to 15 with each level representing a privilege level that is a superset of the next lower value. If a NAS client uses a different privilege level scheme, then mapping must be provided."
To comply with the mapping requirement, SSL Visibility repeats privileges after 7.
At level 8, the mapping cycles back to SSL Visibility level 0 and ascends again, so level 8 = 0, level 9 = 1, and so on.
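The wrap-around described above can be checked against a TACACS+ user list before it is deployed. The following is an added example, not vendor code. It reads the table as a 3-bit mask over the manage-* roles, treats level 4's "pki" as manage-pki, and assumes level 0 (not listed in the table) grants no manage-* role. The function names and sample rows are hypothetical.

```python
# Added example, not vendor code. Mask bits are read off the page's table.
ROLE_BITS = {1: "manage-appliance", 2: "manage-policy", 4: "manage-pki"}

def effective_level(priv_lvl):
    """Fold a TACACS+ privilege level (0-15) onto the appliance's 0-7 scale."""
    if not 0 <= priv_lvl <= 15:
        raise ValueError(f"priv-lvl out of range: {priv_lvl}")
    return priv_lvl % 8  # level 8 = 0, level 9 = 1, and so on

def manage_roles(priv_lvl):
    """manage-* roles at priv_lvl (auditor, common to levels 1-7, is omitted).

    Assumption: level 0 is not in the page's table and is treated as granting
    no manage-* role; level 4's "pki" is treated as manage-pki.
    """
    base = effective_level(priv_lvl)
    return frozenset(name for bit, name in ROLE_BITS.items() if base & bit)

def level_for(required):
    """Lowest priv-lvl that grants exactly the required manage-* roles."""
    required = frozenset(required)
    unknown = required - frozenset(ROLE_BITS.values())
    if unknown:
        raise ValueError(f"unknown roles: {sorted(unknown)}")
    return sum(bit for bit, name in ROLE_BITS.items() if name in required)

def audit(assignments):
    """Check (user, priv_lvl, intended_roles) rows from a TACACS+ user list."""
    findings = []
    for user, lvl, intended in assignments:
        granted, intended = manage_roles(lvl), frozenset(intended)
        if lvl >= 8:
            findings.append((user, f"priv-lvl {lvl} wraps to level {lvl % 8}"))
        if granted - intended:
            findings.append((user, "excess: " + ", ".join(sorted(granted - intended))))
        if intended - granted:
            findings.append((user, "missing: " + ", ".join(sorted(intended - granted))))
    return findings

ALL = set(ROLE_BITS.values())
# Constructed sample rows; the user names and intended roles are invented.
SAMPLE = [("alice", 15, ALL), ("bob", 8, ALL),
          ("carol", 6, {"manage-policy"}), ("dave", 2, {"manage-policy"})]

if __name__ == "__main__":
    for user, issue in audit(SAMPLE):
        print(f"{user}: {issue}")
```

In the sample, a user placed at priv-lvl 8 in the expectation of more access than level 7 is reported as missing every manage-* role, and `level_for` gives the lowest level to assign for a given role set.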