This is the documentation for the 20.02 version. Looking for the documentation of the latest version? Have a look here.
NETCONF Access Control Model (NACM)¶
NETCONF Access Control Model (NACM) provides a means by which access can be granted to or restricted from groups in TNSR.
NACM is group-based and these groups and group membership lists are maintained in the NACM configuration.
User authentication is not handled by NACM, but by other processes depending on how the user connects. For examples, see User Management and HTTP Server.
The data model and procedures for evaluating whether a user is authorized to perform a given action are defined in RFC 8341.
TNSR Does not provide protection against changing the rules in such a way that causes a loss of access. Should a lockout situation occur, see Regaining Access if Locked Out by NACM.
TNSR version 18.08 or later includes a default set of NACM rules. These rules
allow members of group
admin to have unlimited access and sets the default
deny. This configuration includes the users
root in the group admin.
To see the specific rules from the default configuration, see NACM Example or view the current NACM configuration as described in View NACM Configuration.
For users of older installations or those who have removed the default NACM configuration, NACM defaults to disabled with no defined groups or rule lists, and with the following default policies:
Default Read policy : permit Default Write policy: deny Default Exec policy : permit