"RFC 8341: Network Configuration Access Control Model";
}
+ import o-ran-wg4-features {
+ prefix "feat";
+ }
+
organization "O-RAN Alliance";
contact
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.";
+ revision "2022-08-15" {
+ description
+ "version 10.0.0
+
+ 1) introduced SHARED-ORU-MULTI-OPERATOR feature.";
+
+ reference "ORAN-WG4.M.0-v10.00";
+ }
+
+
+ revision "2021-12-01" {
+ description
+ "version 1.3.0
+
+ 1) typographical corrections in descriptions";
+
+ reference "ORAN-WG4.M.0-v01.00";
+ }
+
revision "2020-12-10" {
description
"version 1.2.0
}
grouping user-list {
+ description "a user list grouping";
list user {
key "name";
description
description "the user-name is for password based authentication";
}
enum CERTIFICATE {
- description "the user-name is for certificate based authentciation";
+ description "the user-name is for certificate based authentication";
}
}
default "PASSWORD";
+ description "the account type";
}
leaf password {
This validation statement is included in the YANG description and
not in a MUST statement to preserve backwards compatibility.";
}
+ leaf-list sro-id {
+ if-feature feat:SHARED-ORU-MULTI-OPERATOR;
+ type string;
+ description
+ "An optional list if Shared Resource Operator identities associated with the
+ user-account. Used to realize enhanced access privileges in a shared O-RU.
+ When an sro-id is configured in the O-RU, the O-RU shall
+ implement additional sro-id based NETCONF access control
+ as specified in O-RAN.WG4.MP.0-v10.00.
+ The O-RU does not further interpret the specific value of sro-id.";
+ }
}
}
container users {
- // checkAS
- // must "user/enabled='true'" {
- // error-message "At least one account needs to be enabled.";
- // }
-
+ must "user/enabled='true'" {
+ error-message "At least one account needs to be enabled.";
+ }
//TAKE NOTE - any configuration with zero enabled users is invalid.
//This will typically be the case when using a simulated NETCONF Server
//and so this constraint should be removed when operating in those scenarios
}
rpc chg-password {
+ description "the RPC used to change a password";
nacm:default-deny-all;
input {
leaf currentPassword {
type enumeration {
enum "Successful" {
value 1;
+ description "change password operation is successful";
}
enum "Failed" {
value 2;
+ description "change password operation failed";
}
}
mandatory true;