[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: partial locking and access control

To: Andy Bierman <ietf@andybierman.com>
Subject: Re: partial locking and access control
From: Phil Shafer <phil@juniper.net>
Date: Fri, 07 Dec 2007 15:00:03 -0500
Cc: "Netconf (E-mail)" <netconf@ops.ietf.org>
In-reply-to: <47597E9C.6060505@andybierman.com>

Andy Bierman writes:
>The standard access control model in NETCONF is that every user has
>access to every part of every configuration database.

If every user had access to every part of the config, we wouldn't
need the "access-denied" error-app-tag.

There is no standard access control model in NETCONF.  Access
control is left to the implementation, which will hopefully
ape whatever's in the CLI.

Thanks,
 Phil

--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>

Follow-Ups:
- Comments on Schema-query
  - From: Balazs Lengyel <balazs.lengyel@ericsson.com>

References:
- partial locking and access control
  - From: Andy Bierman <ietf@andybierman.com>

Prev by Date: Re: partial locking and access control
Next by Date: Comments on Schema-query
Previous by thread: Re: partial locking and access control
Next by thread: Comments on Schema-query
Index(es):
- Date
- Thread