NETCONF Access Control Model (NACM)¶
NETCONF Access Control Model (NACM) provides a means by which access can be granted to or restricted from groups in TNSR.
NACM is group-based and these groups and group membership lists are maintained in the NACM configuration.
The data model and procedures for evaluating whether a user is authorized to perform a given action are defined in RFC 8341.
TNSR Does not provide protection against changing the rules in such a way that causes a loss of access. Should a lockout situation occur, see Regaining Access if Locked Out by NACM.
TNSR version 18.08 or later includes a default set of NACM rules. These rules
allow members of group
admin to have unlimited access and sets the default
deny. This configuration includes the users
root in the group admin.
For users of older installations or those who have removed the default NACM configuration, NACM defaults to disabled with no defined groups or rule lists, and with the following default policies:
Default Read policy : permit Default Write policy: deny Default Exec policy : permit