[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: max-access: access control model discussion
Balazs Lengyel wrote:
Let's assume we have the following data model:
<if>
<name>eth0</name>
<opstate>up</opstate>
</if>
- if can be created/deleted max-access: all
- name must be created together with if max-access: all
- opstate is a read only variable that might be created automatically by
the managed system max-access: read-only
If I want to create <if> can I create the read-only <opstate> object or
do I have to rely on the managed system to automaticaly create it ?
If I want to remove the <if> can I remove the read-only <opstate>? (I do
not want to allow removing <opstate> without removing <if>.)
What are the correct max-access setting ? (The question is the same both
for Andy's and Sharon's solution.)
I will rewrite my original email to use existing MAX-ACCESS from SMIv2
instead of my extended MAX-ACCESS (based on well-known sub-states in MIBs),
In your example, read-create covers the case where read-write and read-only
data objects are instantiated by the agent, concurrently with the
objects instantiated by the NMS.
IMO, the actual netconf operations need to be explicitly supported
(notify, read, merge, replace, create, delete) with detailed text
explaining the mapping.
Balazs
Andy
--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>