I need to handle the following two cases:

1) A router with multiple virtual routers. Each virtual router might be managed by a separate organization. This would mean that a subtree of the data model must be assigned to each organization.

2) I have a big box where user A is responsible for configuration management while user B is responsible for performance management. I want to keep them separate. This would mean that some types of objects (representing performance measurements) should be handled separately.

Information leaks can't be fully avoided, but with careful modeling of data and documentation warning about the possibility of some leaks, we can provide a solution that is better than just saying NO.

All I am asking for is that Netconf should not actively prohibit such a solution.

Balazs

Juergen Schoenwaelder wrote:
> On Thu, Apr 13, 2006 at 12:16:14PM -0700, Andy Bierman wrote:
> > References in identifiers -- you mean like information carried in the instance portion of an OID? Not sure what you mean
>
> Operators seem to like to name things in meaningful ways and these names frequently carry information which may be sensitive. If you want to define views so that different people can look at a box, you have to ensure that nothing leaks through which might be embedded in operator assigned names (and thus can't be really handled by access control rules unless you have embedded AI).
>
> /js

--
Balazs Lengyel
Ericsson Hungary Ltd.
TSP System Manager
ECN: 831 7320
Fax: +36 1 4377792
Tel: +36-1-437-7320
email: Balazs.Lengyel@ericsson.com