1 module ietf-netconf-acm {
3 namespace "urn:ietf:params:xml:ns:yang:ietf-netconf-acm";
7 import ietf-yang-types {
12 "IETF NETCONF (Network Configuration) Working Group";
15 "WG Web: <https://datatracker.ietf.org/wg/netconf/>
16 WG List: <mailto:netconf@ietf.org>
17 Author: Andy Bierman
18 <mailto:andy@yumaworks.com>
19 Author: Martin Bjorklund
20 <mailto:mbj@tail-f.com>";
23 "Network Configuration Access Control Model.
24 Copyright (c) 2012 - 2018 IETF Trust and the persons
25 identified as authors of the code. All rights reserved.
26 Redistribution and use in source and binary forms, with or
27 without modification, is permitted pursuant to, and subject
28 to the license terms contained in, the Simplified BSD
29 License set forth in Section 4.c of the IETF Trust's
30 Legal Provisions Relating to IETF Documents
31 (https://trustee.ietf.org/license-info).
32 This version of this YANG module is part of RFC 8341; see
33 the RFC itself for full legal notices.";
35 revision "2018-02-14" {
37 "Added support for YANG 1.1 actions and notifications tied to
38 data nodes. Clarified how NACM extensions can be used by
39 other data models.";
41 "RFC 8341: Network Configuration Access Control Model";
44 revision "2012-02-22" {
48 "RFC 6536: Network Configuration Protocol (NETCONF)
49 Access Control Model";
53 * Extension statements
56 extension default-deny-write {
58 "Used to indicate that the data model node
59 represents a sensitive security system parameter.
60 If present, the NETCONF server will only allow the designated
61 'recovery session' to have write access to the node. An
62 explicit access control rule is required for all other users.
63 If the NACM module is used, then it must be enabled (i.e.,
64 /nacm/enable-nacm object equals 'true'), or this extension
66 The 'default-deny-write' extension MAY appear within a data
67 definition statement. It is ignored otherwise.";
70 extension default-deny-all {
72 "Used to indicate that the data model node
73 controls a very sensitive security system parameter.
74 If present, the NETCONF server will only allow the designated
75 'recovery session' to have read, write, or execute access to
76 the node. An explicit access control rule is required for all
78 If the NACM module is used, then it must be enabled (i.e.,
79 /nacm/enable-nacm object equals 'true'), or this extension
81 The 'default-deny-all' extension MAY appear within a data
82 definition statement, 'rpc' statement, or 'notification'
83 statement. It is ignored otherwise.";
90 typedef user-name-type {
95 "General-purpose username string.";
98 typedef matchall-string-type {
103 "The string containing a single asterisk '*' is used
104 to conceptually represent all possible values
105 for the particular leaf using this data type.";
108 typedef access-operations-type {
112 "Any protocol operation that creates a
117 "Any protocol operation or notification that
118 returns the value of a data node.";
122 "Any protocol operation that alters an existing
127 "Any protocol operation that removes a data node.";
131 "Execution access to the specified protocol operation.";
135 "Access operation.";
138 typedef group-name-type {
144 "Name of administrative group to which
145 users can be assigned.";
148 typedef action-type {
152 "Requested action is permitted.";
156 "Requested action is denied.";
160 "Action taken by the server when a particular
164 typedef node-instance-identifier {
165 type yang:xpath1.0;
167 "Path expression used to represent a special
168 data node, action, or notification instance-identifier
170 A node-instance-identifier value is an
171 unrestricted YANG instance-identifier expression.
172 All the same rules as an instance-identifier apply,
173 except that predicates for keys are optional. If a key
174 predicate is missing, then the node-instance-identifier
175 represents all possible server instances for that key.
176 This XML Path Language (XPath) expression is evaluated in the
178 o The set of namespace declarations is the set in scope on
179 the leaf element where this type is used.
180 o The set of variable bindings contains one variable,
181 'USER', which contains the name of the user of the
183 o The function library is the core function library, but
184 note that due to the syntax restrictions of an
185 instance-identifier, no functions are allowed.
186 o The context node is the root node in the data tree.
187 The accessible tree includes actions and notifications tied
192 * Data definition statements
196 nacm:default-deny-all;
199 "Parameters for NETCONF access control model.";
205 "Enables or disables all NETCONF access control
206 enforcement. If 'true', then enforcement
207 is enabled. If 'false', then enforcement
211 leaf read-default {
215 "Controls whether read access is granted if
216 no appropriate rule is found for a
217 particular read request.";
220 leaf write-default {
224 "Controls whether create, update, or delete access
225 is granted if no appropriate rule is found for a
226 particular write request.";
229 leaf exec-default {
233 "Controls whether exec access is granted if no appropriate
234 rule is found for a particular protocol operation request.";
237 leaf enable-external-groups {
241 "Controls whether the server uses the groups reported by the
242 NETCONF transport layer when it assigns the user to a set of
243 NACM groups. If this leaf has the value 'false', any group
244 names reported by the transport layer are ignored by the
248 leaf denied-operations {
249 type yang:zero-based-counter32;
253 "Number of times since the server last restarted that a
254 protocol operation request was denied.";
257 leaf denied-data-writes {
258 type yang:zero-based-counter32;
262 "Number of times since the server last restarted that a
263 protocol operation request to alter
264 a configuration datastore was denied.";
267 leaf denied-notifications {
268 type yang:zero-based-counter32;
272 "Number of times since the server last restarted that
273 a notification was dropped for a subscription because
274 access to the event type was denied.";
279 "NETCONF access control groups.";
285 "One NACM group entry. This list will only contain
286 configured entries, not any entries learned from
287 any transport protocols.";
290 type group-name-type;
292 "Group name associated with this entry.";
295 leaf-list user-name {
296 type user-name-type;
298 "Each entry identifies the username of
299 a member of the group associated with
309 "An ordered collection of access control rules.";
316 "Arbitrary name assigned to the rule-list.";
320 type matchall-string-type;
321 type group-name-type;
324 "List of administrative groups that will be
325 assigned the associated access rights
326 defined by the 'rule' list.
327 The string '*' indicates that all groups apply to the
335 "One access control rule.
336 Rules are processed in user-defined order until a match is
337 found. A rule matches if 'module-name', 'rule-type', and
338 'access-operations' match the request. If a rule
339 matches, the 'action' leaf determines whether or not
340 access is granted.";
347 "Arbitrary name assigned to the rule.";
352 type matchall-string-type;
357 "Name of the module associated with this rule.
358 This leaf matches if it has the value '*' or if the
359 object being accessed is defined in the module with the
360 specified module name.";
364 "This choice matches if all leafs present in the rule
365 match the request. If no leafs are present, the
366 choice matches all requests.";
367 case protocol-operation {
370 type matchall-string-type;
374 "This leaf matches if it has the value '*' or if
375 its value equals the requested protocol operation
379 case notification {
380 leaf notification-name {
382 type matchall-string-type;
386 "This leaf matches if it has the value '*' or if its
387 value equals the requested notification name.";
393 type node-instance-identifier;
396 "Data node instance-identifier associated with the
397 data node, action, or notification controlled by
399 Configuration data or state data
400 instance-identifiers start with a top-level
401 data node. A complete instance-identifier is
402 required for this type of path value.
403 The special value '/' refers to all possible
404 datastore contents.";
409 leaf access-operations {
411 type matchall-string-type;
412 type access-operations-type;
416 "Access operations associated with this rule.
417 This leaf matches if it has the value '*' or if the
418 bit corresponding to the requested operation is set.";
425 "The access control action associated with the
426 rule. If a rule has been determined to match a
427 particular request, then this object is used
428 to determine whether to permit or deny the
435 "A textual description of the access rule.";