1 module o-ran-usermgmt {
3 namespace "urn:o-ran:user-mgmt:1.0";
4 prefix "o-ran-usermgmt";
6 import ietf-netconf-acm {
9 "RFC 8341: Network Configuration Access Control Model";
12 import o-ran-wg4-features {
16 organization "O-RAN Alliance";
22 "This module defines the user management model for the O-RAN Equipment.
24 Copyright 2019 the O-RAN Alliance.
26 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 'AS IS'
27 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
30 LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
31 CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
32 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
33 INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
34 CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
35 ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
36 POSSIBILITY OF SUCH DAMAGE.
38 Redistribution and use in source and binary forms, with or without
39 modification, are permitted provided that the following conditions are met:
41 * Redistributions of source code must retain the above copyright notice,
42 this list of conditions and the above disclaimer.
43 * Redistributions in binary form must reproduce the above copyright notice,
44 this list of conditions and the above disclaimer in the documentation
45 and/or other materials provided with the distribution.
46 * Neither the Members of the O-RAN Alliance nor the names of its
47 contributors may be used to endorse or promote products derived from
48 this software without specific prior written permission.";
50 revision "2022-08-15" {
54 1) introduced SHARED-ORU-MULTI-OPERATOR feature.";
56 reference "ORAN-WG4.M.0-v10.00";
60 revision "2021-12-01" {
64 1) typographical corrections in descriptions";
66 reference "ORAN-WG4.M.0-v01.00";
69 revision "2020-12-10" {
73 1) updated description for enabled leaf";
75 reference "ORAN-WG4.M.0-v01.00";
78 revision "2019-07-03" {
82 1) change name leaf to type nacm:user-name-type
83 2) added account-type to qualify when password is required ";
85 reference "ORAN-WG4.M.0-v01.00";
88 revision "2019-02-04" {
92 1) imported model from xRAN
93 2) changed namespace and reference from xran to o-ran";
95 reference "ORAN-WG4.M.0-v01.00";
98 typedef password-type {
// NOTE(review): the pattern below is a character class repeated with '*', so by
// itself it only restricts which characters may appear (and it also matches an
// empty string). The composition rules stated in the description (at least 2
// characters from each group, must not contain Username) are not expressed by
// this pattern; presumably the NETCONF server enforces them when a password is
// set - confirm for each implementation. Any length restriction would sit on
// lines not shown in this listing.
101 pattern "[a-zA-Z0-9!$%\\^()\\[\\]_\\-~{}.+]*" {
102 error-message "Password content does not meet the requirements";
106 "The password for this entry. This shouldn't be in clear text
107 The Password must contain at least 2 characters from
108 each of the following groups:
109 a) Lower case alphabetic (a-z)
110 b) Upper case alphabetic (A-Z)
112 d) Special characters Allowed !$%^()[]_-~{}.+
113 Password must not contain Username.";
117 description "a user list grouping";
121 "The list of local users configured on this device.";
123 type nacm:user-name-type;
125 "The user name string identifying this entry.
127 NOTE: o-ran-usermgmt:user-profile/user/name is
128 identical to nacm:nacm/groups/group/user-name
129 but the current schema is preserved for backwards
135 description "the user-name is for password based authentication";
138 description "the user-name is for certificate based authentication";
142 description "the account type";
146 nacm:default-deny-all;
149 "The password for this entry.
151 This field is only valid when account-type is NOT set to CERTIFICATE,
152 i.e., when account-type is NOT present or present and set to
158 "Indicates whether an account is enabled or disabled.
160 A NETCONF Server shall reject a configuration that attempts to
161 enable a Password account for an account where the password leaf
164 This validation statement is included in the YANG description and
165 not in a MUST statement to preserve backwards compatibility.";
168 if-feature feat:SHARED-ORU-MULTI-OPERATOR;
171 "An optional list of Shared Resource Operator identities associated with the
172 user-account. Used to realize enhanced access privileges in a shared O-RU.
173 When an sro-id is configured in the O-RU, the O-RU shall
174 implement additional sro-id based NETCONF access control
175 as specified in O-RAN.WG4.MP.0-v10.00.
176 The O-RU does not further interpret the specific value of sro-id.";
182 must "user/enabled='true'" {
183 error-message "At least one account needs to be enabled.";
185 //TAKE NOTE - any configuration with zero enabled users is invalid.
186 //This will typically be the case when using a simulated NETCONF Server,
187 //and so this constraint should be removed only when operating in those scenarios.
189 //The configuration database of the O-RAN equipment should ensure that the
190 //default user account is enabled on factory restart.
192 description "list of user accounts";
197 description "the RPC used to change a password";
198 nacm:default-deny-all;
200 leaf currentPassword {
204 "provide the current password";
210 "provide a new password";
212 leaf newPasswordConfirm {
216 "re-enter the new password ";
224 description "change password operation is successful";
228 description "change password operation failed";
233 "Successful or Failed";
235 leaf status-message {
238 "Gives a more detailed reason for success / failure";