Hello David
I labbed this up to be sure. Initially, I issued the privilege interface level 8 no shutdown command. I then took a look at the running config and found this:
privilege interface level 8 shutdown
privilege interface level 8 no shutdown
privilege interface level 8 no
So by default, the full command as well as each individual keyword is added as a separate command
I then proceeded with the privilege interface level 9 no command and got this result in the running config:
privilege interface level 8 shutdown
privilege interface level 8 no shutdown
privilege interface level 9 no
Notice that the no shutdown command as a whole is still level 8, but the no command alone is level 9. Even so, this no keyword will make the no shutdown command unavailable for a user on privilege level 8.
You can use either TACACS+ or RADIUS for your AAA server. You can find out more about how to do this at the following lesson:
I hope this has been helpful!
Laz