I have not tested this but give it a go and see if it works, here you go :
- Import this custom TACACS Dictionary for APC
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
<TipsHeader exportTime="Tue Jul 14 16:24:09 EDT 2020" version="6.8"/>
<TacacsServiceDictionaries>
<TacacsServiceDictionary dispName="APC:Service-Type" name="APC:Service-Type">
<ServiceAttribute allowedValuesCsv="Admin,ReadOnly" dataType="String" dispName="APC-Service-Type" name="APC-Service-Type"/>
</TacacsServiceDictionary>
</TacacsServiceDictionaries>
</TipsContents>
- And then create 2x TACACs enforcement profiles (1x for Admin and 1x for ReadOnly):