Tip
This is the documentation for the 20.02 version. Looking for the documentation of the latest version? Have a look here.
NETCONF Access Control Model (NACM)¶
NETCONF Access Control Model (NACM) provides a means by which access can be granted to or restricted from groups in TNSR.
NACM is group-based and these groups and group membership lists are maintained in the NACM configuration.
User authentication is not handled by NACM, but by other processes depending on how the user connects. For examples, see User Management and HTTP Server.
See also
The data model and procedures for evaluating whether a user is authorized to perform a given action are defined in RFC 8341.
Warning
TNSR Does not provide protection against changing the rules in such a way that causes a loss of access. Should a lockout situation occur, see Regaining Access if Locked Out by NACM.
NACM Defaults¶
TNSR version 18.08 or later includes a default set of NACM rules. These rules
allow members of group admin
to have unlimited access and sets the default
policies to deny
. This configuration includes the users tnsr
and
root
in the group admin.
See also
To see the specific rules from the default configuration, see NACM Example or view the current NACM configuration as described in View NACM Configuration.
For users of older installations or those who have removed the default NACM configuration, NACM defaults to disabled with no defined groups or rule lists, and with the following default policies:
Default Read policy : permit
Default Write policy: deny
Default Exec policy : permit