Network Configuration Access Control Model.
Copyright (c) 2012 - 2018 IETF Trust and the persons identified as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC 8341; see the RFC itself for full legal notices.
Example URL
Parameters for NETCONF access control model.
ietf.netconf.acm.Nacm
Internal error
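package main

import (
	"fmt"
	"io"
	"log"
	"net/http"
)

func main() {
	// RFC 8040 requires RESTCONF to run over TLS; use https:// outside a lab.
	url := "http://hostname/restconf/data/ietf-netconf-acm:nacm"
	req, err := http.NewRequest("GET", url, nil)
	if err != nil {
		log.Fatal(err)
	}
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		log.Fatal(err) // res is nil on error, so stop before touching res.Body
	}
	defer res.Body.Close()
	body, err := io.ReadAll(res.Body)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(res)
	fmt.Println(string(body))
}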
Example URL
Parameters for NETCONF access control model.
ietf.netconf.acm.Nacm to be added to list
denied-data-writes | integer <int32> Number of times since the server last restarted that a protocol operation request to alter a configuration datastore was denied. |
write-default | string (ietf.netconf.acm.WriteDefault) Enum: "permit" "deny" |
read-default | string (ietf.netconf.acm.ReadDefault) Enum: "permit" "deny" |
rule-list | Array of objects (ietf.netconf.acm.nacm.RuleList) An ordered collection of access control rules. |
enable-nacm | boolean Default: true Enables or disables all NETCONF access control enforcement. If 'true', then enforcement is enabled. If 'false', then enforcement is disabled. |
denied-notifications | integer <int32> Number of times since the server last restarted that a notification was dropped for a subscription because access to the event type was denied. |
exec-default | string (ietf.netconf.acm.ExecDefault) Enum: "permit" "deny" |
groups | object (ietf.netconf.acm.nacm.Groups) |
enable-external-groups | boolean Default: true Controls whether the server uses the groups reported by the NETCONF transport layer when it assigns the user to a set of NACM groups. If this leaf has the value 'false', any group names reported by the transport layer are ignored by the server. |
denied-operations | integer <int32> Number of times since the server last restarted that a protocol operation request was denied. |
Object created
Internal error
Object already exists
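An added example (not part of the original reference) that audits the JSON body returned by a GET on `ietf-netconf-acm:nacm`, using the leaves listed above. The JSON layout is assumed to follow the RESTCONF JSON encoding; the sample document, type names and finding texts are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// nacm holds only the leaves this check reads; other leaves are ignored.
type nacm struct {
	Enable   *bool  `json:"enable-nacm"`
	External *bool  `json:"enable-external-groups"`
	Write    string `json:"write-default"`
	Groups   struct{ Group []struct{ Name string } }
	RuleList []struct{ Name string; Group []string } `json:"rule-list"`
}

// Audit returns one finding per weak setting in the response body.
func Audit(body []byte) ([]string, error) {
	var d struct{ N nacm `json:"ietf-netconf-acm:nacm"` }
	if err := json.Unmarshal(body, &d); err != nil {
		return nil, err
	}
	n, out := d.N, []string{}
	if n.Enable != nil && !*n.Enable {
		out = append(out, "enable-nacm is false: no access control is enforced")
	}
	if n.Write == "permit" {
		out = append(out, "write-default is permit: writes matching no rule are allowed")
	}
	external := n.External == nil || *n.External // leaf defaults to true
	known := map[string]bool{"*": true}          // "*" names every group (RFC 8341)
	for _, g := range n.Groups.Group {
		known[g.Name] = true
	}
	for _, rl := range n.RuleList {
		for _, g := range rl.Group {
			if !known[g] {
				out = append(out, fmt.Sprintf("rule-list %q: group %q is not configured under groups (transport-reported groups used: %t)", rl.Name, g, external))
			}
		}
	}
	return out, nil
}

// Constructed sample response, not captured from a real server.
const sample = `{"ietf-netconf-acm:nacm":{"enable-nacm":true,"write-default":"permit","groups":{"group":[{"name":"admin","user-name":["alice"]}]},"rule-list":[{"name":"ops","group":["operators"]},{"name":"adm","group":["admin"]}]}}`

func main() {
	fmt.Println(Audit([]byte(sample)))
}
```

With `enable-external-groups` left at its default of true, a rule-list that names a group absent from `groups` depends entirely on what the transport layer reports; with it set to false, that rule-list can never apply.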
Example URL
Parameters for NETCONF access control model.
ietf.netconf.acm.Nacm to be added or updated
ietf-netconf-acm:nacm | object (ietf.netconf.acm.Nacm) |
Object created
Object modified
Internal error
Example URL
Parameters for NETCONF access control model.
Object deleted
Internal error
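package main

import (
	"fmt"
	"io"
	"log"
	"net/http"
)

func main() {
	url := "http://hostname/restconf/data/ietf-netconf-acm:nacm"
	req, err := http.NewRequest("DELETE", url, nil)
	if err != nil {
		log.Fatal(err)
	}
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		log.Fatal(err) // res is nil on error, so stop before touching res.Body
	}
	defer res.Body.Close()
	body, err := io.ReadAll(res.Body)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(res)
	fmt.Println(string(body))
}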
Example URL
NETCONF access control groups.
ietf.netconf.acm.nacm.Groups
Internal error
package main

import (
	"fmt"
	"io"
	"log"
	"net/http"
)

func main() {
	url := "http://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups"
	req, err := http.NewRequest("GET", url, nil)
	if err != nil {
		log.Fatal(err)
	}
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		log.Fatal(err) // res is nil on error, so stop before touching res.Body
	}
	defer res.Body.Close()
	body, err := io.ReadAll(res.Body)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(res)
	fmt.Println(string(body))
}
Example URL
NETCONF access control groups.
ietf.netconf.acm.nacm.Groups to be added to list
group | Array of objects (ietf.netconf.acm.nacm.groups.Group) One NACM group entry. This list will only contain configured entries, not any entries learned from any transport protocols. |
Object created
Internal error
Object already exists
Example URL
NETCONF access control groups.
ietf.netconf.acm.nacm.Groups to be added or updated
ietf-netconf-acm:groups | object (ietf.netconf.acm.nacm.Groups) |
Object created
Object modified
Internal error
Example URL
NETCONF access control groups.
Object deleted
Internal error
package main

import (
	"fmt"
	"io"
	"log"
	"net/http"
)

func main() {
	url := "http://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups"
	req, err := http.NewRequest("DELETE", url, nil)
	if err != nil {
		log.Fatal(err)
	}
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		log.Fatal(err) // res is nil on error, so stop before touching res.Body
	}
	defer res.Body.Close()
	body, err := io.ReadAll(res.Body)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(res)
	fmt.Println(string(body))
}
Example URL
One NACM group entry. This list will only contain configured entries, not any entries learned from any transport protocols.
ietf.netconf.acm.nacm.groups.Group to be added to list
user-name | Array of strings Each entry identifies the username of a member of the group associated with this entry. |
name | string Group name associated with this entry. |
Object created
Internal error
Object already exists
Example URL
One NACM group entry. This list will only contain configured entries, not any entries learned from any transport protocols.
name required | string Id of group |
ietf.netconf.acm.nacm.groups.Group
Internal error
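package main

import (
	"fmt"
	"io"
	"log"
	"net/http"
)

func main() {
	// %7Bname%7D is the URL-encoded {name} placeholder; substitute the group name.
	url := "http://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups/ietf-netconf-acm:group=%7Bname%7D"
	req, err := http.NewRequest("GET", url, nil)
	if err != nil {
		log.Fatal(err)
	}
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		log.Fatal(err) // res is nil on error, so stop before touching res.Body
	}
	defer res.Body.Close()
	body, err := io.ReadAll(res.Body)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(res)
	fmt.Println(string(body))
}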
Example URL
One NACM group entry. This list will only contain configured entries, not any entries learned from any transport protocols.
name required | string Id of group |
ietf.netconf.acm.nacm.groups.Group to be added to list
user-name | Array of strings Each entry identifies the username of a member of the group associated with this entry. |
name | string Group name associated with this entry. |
Object created
Internal error
Object already exists
Example URL
One NACM group entry. This list will only contain configured entries, not any entries learned from any transport protocols.
name required | string Id of group |
ietf.netconf.acm.nacm.groups.Group to be added or updated
ietf-netconf-acm:group | object (ietf.netconf.acm.nacm.groups.Group) |
Object created
Object modified
Internal error
Example URL
One NACM group entry. This list will only contain configured entries, not any entries learned from any transport protocols.
name required | string Id of group |
Object deleted
Internal error
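package main

import (
	"fmt"
	"io"
	"log"
	"net/http"
)

func main() {
	// %7Bname%7D is the URL-encoded {name} placeholder; substitute the group name.
	url := "http://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:groups/ietf-netconf-acm:group=%7Bname%7D"
	req, err := http.NewRequest("DELETE", url, nil)
	if err != nil {
		log.Fatal(err)
	}
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		log.Fatal(err) // res is nil on error, so stop before touching res.Body
	}
	defer res.Body.Close()
	body, err := io.ReadAll(res.Body)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(res)
	fmt.Println(string(body))
}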
Example URL
An ordered collection of access control rules.
ietf.netconf.acm.nacm.RuleList to be added to list
name | string Arbitrary name assigned to the rule-list. |
rule | Array of objects (ietf.netconf.acm.nacm.rulelist.Rule) One access control rule. |
group | Array of strings List of administrative groups that will be assigned the associated access rights defined by the 'rule' list. |
Object created
Internal error
Object already exists
Example URL
An ordered collection of access control rules.
name required | string Id of rule-list |
ietf.netconf.acm.nacm.RuleList
Internal error
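package main

import (
	"fmt"
	"io"
	"log"
	"net/http"
)

func main() {
	// %7Bname%7D is the URL-encoded {name} placeholder; substitute the rule-list name.
	url := "http://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:rule-list=%7Bname%7D"
	req, err := http.NewRequest("GET", url, nil)
	if err != nil {
		log.Fatal(err)
	}
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		log.Fatal(err) // res is nil on error, so stop before touching res.Body
	}
	defer res.Body.Close()
	body, err := io.ReadAll(res.Body)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(res)
	fmt.Println(string(body))
}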
Example URL
An ordered collection of access control rules.
name required | string Id of rule-list |
ietf.netconf.acm.nacm.RuleList to be added to list
name | string Arbitrary name assigned to the rule-list. |
rule | Array of objects (ietf.netconf.acm.nacm.rulelist.Rule) One access control rule. |
group | Array of strings List of administrative groups that will be assigned the associated access rights defined by the 'rule' list. |
Object created
Internal error
Object already exists
Example URL
An ordered collection of access control rules.
name required | string Id of rule-list |
ietf.netconf.acm.nacm.RuleList to be added or updated
ietf-netconf-acm:rule-list | object (ietf.netconf.acm.nacm.RuleList) |
Object created
Object modified
Internal error
Example URL
An ordered collection of access control rules.
name required | string Id of rule-list |
Object deleted
Internal error
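package main

import (
	"fmt"
	"io"
	"log"
	"net/http"
)

func main() {
	// %7Bname%7D is the URL-encoded {name} placeholder; substitute the rule-list name.
	url := "http://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:rule-list=%7Bname%7D"
	req, err := http.NewRequest("DELETE", url, nil)
	if err != nil {
		log.Fatal(err)
	}
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		log.Fatal(err) // res is nil on error, so stop before touching res.Body
	}
	defer res.Body.Close()
	body, err := io.ReadAll(res.Body)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(res)
	fmt.Println(string(body))
}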
Example URL
One access control rule.
Rules are processed in user-defined order until a match is
found. A rule matches if 'module-name', 'rule-type', and
'access-operations' match the request. If a rule
matches, the 'action' leaf determines whether or not
access is granted.
name required | string Id of rule-list |
ietf.netconf.acm.nacm.rulelist.Rule to be added to list
path | string Data node instance-identifier associated with the data node, action, or notification controlled by this rule. |
notification-name | string This leaf matches if it has the value '*' or if its value equals the requested notification name. |
access-operations | string Default: "*" Access operations associated with this rule. |
name | string Arbitrary name assigned to the rule. |
action | string (ietf.netconf.acm.ActionType) Enum: "permit" "deny" |
module-name | string Default: "*" Name of the module associated with this rule. |
comment | string A textual description of the access rule. |
rpc-name | string This leaf matches if it has the value '*' or if its value equals the requested protocol operation name. |
Object created
Internal error
Object already exists
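The first-match evaluation described above, as an added Go example that is not part of the original reference. It models only `rpc-name` rules (no `path` or `notification-name`), treats `access-operations` as a space-separated set, and lets a `group` entry of `*` match any group as in RFC 8341; the type and function names and the sample rule-list are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// Rule and RuleList carry the leaves listed above; only rpc-name rules are modelled.
type Rule struct{ Name, Module, RPC, Ops, Action string }
type RuleList struct{ Name string; Groups []string; Rules []Rule }

// matches: an unset leaf or "*" matches anything; otherwise want must be one
// of the leaf's space-separated values (one name, or an access-operations set).
func matches(leaf, want string) bool {
	return leaf == "" || leaf == "*" || strings.Contains(" "+leaf+" ", " "+want+" ")
}

// applies reports whether the rule-list names "*" or one of the user's groups.
// A user with no groups never reaches any rule and gets the default.
func applies(rl RuleList, userGroups []string) bool {
	for _, u := range userGroups {
		for _, g := range rl.Groups {
			if g == "*" || g == u {
				return true
			}
		}
	}
	return false
}

// Decide returns the first matching rule's action and its name, else execDefault.
func Decide(lists []RuleList, groups []string, module, rpc, execDefault string) (string, string) {
	for _, rl := range lists {
		for _, r := range rl.Rules {
			if applies(rl, groups) && matches(r.Module, module) && matches(r.RPC, rpc) && matches(r.Ops, "exec") {
				return r.Action, rl.Name + "/" + r.Name
			}
		}
	}
	return execDefault, "exec-default"
}

// Constructed sample: a broad permit listed before a specific deny shadows it.
var sample = []RuleList{{"ops", []string{"operators"}, []Rule{
	{"permit-netconf", "ietf-netconf", "*", "exec", "permit"},
	{"deny-kill", "ietf-netconf", "kill-session", "exec", "deny"},
}}}

func main() {
	fmt.Println(Decide(sample, []string{"operators"}, "ietf-netconf", "kill-session", "deny"))
}
```

Because evaluation stops at the first match, `deny-kill` is never reached in the sample; placing it ahead of `permit-netconf` makes the deny effective.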
Example URL
One access control rule.
Rules are processed in user-defined order until a match is
found. A rule matches if 'module-name', 'rule-type', and
'access-operations' match the request. If a rule
matches, the 'action' leaf determines whether or not
access is granted.
name required | string Id of rule-list |
rule-name required | string Id of rule |
ietf.netconf.acm.nacm.rulelist.Rule
Internal error
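package main

import (
	"fmt"
	"io"
	"log"
	"net/http"
)

func main() {
	// %7Bname%7D and %7Brule-name%7D are the URL-encoded {name} and {rule-name}
	// placeholders; substitute the rule-list name and the rule name.
	url := "http://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:rule-list=%7Bname%7D/ietf-netconf-acm:rule=%7Brule-name%7D"
	req, err := http.NewRequest("GET", url, nil)
	if err != nil {
		log.Fatal(err)
	}
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		log.Fatal(err) // res is nil on error, so stop before touching res.Body
	}
	defer res.Body.Close()
	body, err := io.ReadAll(res.Body)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(res)
	fmt.Println(string(body))
}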
Example URL
One access control rule.
Rules are processed in user-defined order until a match is
found. A rule matches if 'module-name', 'rule-type', and
'access-operations' match the request. If a rule
matches, the 'action' leaf determines whether or not
access is granted.
name required | string Id of rule-list |
rule-name required | string Id of rule |
ietf.netconf.acm.nacm.rulelist.Rule to be added to list
path | string Data node instance-identifier associated with the data node, action, or notification controlled by this rule. |
notification-name | string This leaf matches if it has the value '*' or if its value equals the requested notification name. |
access-operations | string Default: "*" Access operations associated with this rule. |
name | string Arbitrary name assigned to the rule. |
action | string (ietf.netconf.acm.ActionType) Enum: "permit" "deny" |
module-name | string Default: "*" Name of the module associated with this rule. |
comment | string A textual description of the access rule. |
rpc-name | string This leaf matches if it has the value '*' or if its value equals the requested protocol operation name. |
Object created
Internal error
Object already exists
Example URL
One access control rule.
Rules are processed in user-defined order until a match is
found. A rule matches if 'module-name', 'rule-type', and
'access-operations' match the request. If a rule
matches, the 'action' leaf determines whether or not
access is granted.
name required | string Id of rule-list |
rule-name required | string Id of rule |
ietf.netconf.acm.nacm.rulelist.Rule to be added or updated
ietf-netconf-acm:rule | object (ietf.netconf.acm.nacm.rulelist.Rule) |
Object created
Object modified
Internal error
Example URL
One access control rule.
Rules are processed in user-defined order until a match is
found. A rule matches if 'module-name', 'rule-type', and
'access-operations' match the request. If a rule
matches, the 'action' leaf determines whether or not
access is granted.
name required | string Id of rule-list |
rule-name required | string Id of rule |
Object deleted
Internal error
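package main

import (
	"fmt"
	"io"
	"log"
	"net/http"
)

func main() {
	// %7Bname%7D and %7Brule-name%7D are the URL-encoded {name} and {rule-name}
	// placeholders; substitute the rule-list name and the rule name.
	url := "http://hostname/restconf/data/ietf-netconf-acm:nacm/ietf-netconf-acm:rule-list=%7Bname%7D/ietf-netconf-acm:rule=%7Brule-name%7D"
	req, err := http.NewRequest("DELETE", url, nil)
	if err != nil {
		log.Fatal(err)
	}
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		log.Fatal(err) // res is nil on error, so stop before touching res.Body
	}
	defer res.Body.Close()
	body, err := io.ReadAll(res.Body)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(res)
	fmt.Println(string(body))
}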