First Local Access is on used when the router cannot connect to TACACS server and then uses local authentication.
from the user guide
Functions of the AAA services
If TACACS+ authentication is enabled, the request is sent to the TACACS+ server. If disabled, the router performs the authentication. At this point authorization is also performed. If TACACS+ authorization is disabled, the user access level is obtained from the local user table on the router. If TACACS+ authorization is enabled, an authorization request is sent to the TACACS+ server. The server returns a privilege level and may also return other attributed such as a new idle time for this session, which takes precedence over locally configured values.
When the user has been authenticated and access has been authorized, the login is allowed. If the connection is via telnet or SSH, a welcome message showing the access level and the method of authentication is displayed. If the access level was assigned locally the following message is displayed:
so if you do not enable authorisation the username has to match a user in the local database and the level comes from there and not the server.
in relation to HTTP/HTTPS this can have issues in connection what tacacs you are using as a cisco acs there are settings to allow after login the session is authorised and not the pages