NETCONF Access Control Model (NACM)

NETCONF Access Control Model (NACM) provides a means by which access can be granted to or restricted from groups in TNSR.

NACM is group-based and these groups and group membership lists are maintained in the NACM configuration.

User authentication is not handled by NACM, but by other processes depending on how the user connects. For examples, see Authentication and User Management and RESTCONF Server.

See also

The data model and procedures for evaluating whether a user is authorized to perform a given action are defined in RFC 8341.

Warning

TNSR does not provide protection against changing the rules in such a way that causes a loss of access. Should a lockout situation occur, see Regaining Access if Locked Out by NACM.

NACM Defaults

TNSR version 18.08 or later includes a default set of NACM rules. These rules allow members of group admin to have unlimited access and set the default policies to deny. By default this group includes the users tnsr and root.

See also

To see the specific rules from the default configuration, see NACM Example or view the current NACM configuration as described in View NACM Configuration.

For users of older installations or those who have removed the default NACM configuration, NACM defaults to disabled with no defined groups or rule lists, and with the following default policies:

Default Read policy : permit
Default Write policy: deny
Default Exec policy : permit
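
The following is an added example, not TNSR code or the shipped rule set. It is a simplified Python model of the RFC 8341 evaluation order, run against the two states described above: the default configuration and an older installation with NACM disabled. The rule and rule-list names, the user "alice" and the dictionary layout are assumptions; the recovery session, `close-session` and per-node extensions are left out.

```python
import copy

WRITE_OPS = {"create", "update", "delete"}

def nacm_decide(cfg, user, op, module="*"):
    """Simplified RFC 8341 decision for one operation: 'permit' or 'deny'."""
    if not cfg["enable-nacm"]:
        return "permit"  # enforcement off: rules and default policies are ignored
    groups = {g for g, members in cfg["groups"].items() if user in members}
    if groups:  # users in no group skip straight to the default policies
        for rule_list in cfg["rule-lists"]:
            if "*" not in rule_list["group"] and not groups & set(rule_list["group"]):
                continue
            for rule in rule_list["rules"]:  # first matching rule wins
                ops = rule["access-operations"]
                if rule["module-name"] in ("*", module) and ("*" in ops or op in ops):
                    return rule["action"]
    if op == "exec":
        return cfg["exec-default"]
    return cfg["write-default"] if op in WRITE_OPS else cfg["read-default"]

# Constructed from the prose above: admin has unlimited access, defaults deny.
DEFAULT_CFG = {
    "enable-nacm": True,
    "read-default": "deny", "write-default": "deny", "exec-default": "deny",
    "groups": {"admin": ["tnsr", "root"]},
    "rule-lists": [{
        "name": "admin-rules",  # hypothetical name
        "group": ["admin"],
        "rules": [{"name": "permit-all", "module-name": "*",
                   "access-operations": ["*"], "action": "permit"}],
    }],
}

# Older installation: NACM disabled, no groups or rule lists.
LEGACY_CFG = {
    "enable-nacm": False,
    "read-default": "permit", "write-default": "deny", "exec-default": "permit",
    "groups": {}, "rule-lists": [],
}

def without_admin_members(cfg):
    """Model the lockout case from the warning: the admin group is emptied."""
    locked = copy.deepcopy(cfg)
    locked["groups"]["admin"] = []
    return locked

if __name__ == "__main__":
    for user in ("tnsr", "alice"):  # "alice" is a hypothetical non-admin user
        print(user, [nacm_decide(DEFAULT_CFG, user, op) for op in ("read", "update", "exec")])
    print("locked out:", nacm_decide(without_admin_members(DEFAULT_CFG), "tnsr", "read"))
    print("legacy:", nacm_decide(LEGACY_CFG, "alice", "update"))
```

In this model the legacy default policies only take effect once NACM is enabled; while it is disabled, every request is permitted regardless of the write default.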