[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Access control

To: Balazs Lengyel <balazs.lengyel@ericsson.com>
Subject: Re: Access control
From: Phil Shafer <phil@juniper.net>
Date: Mon, 18 Sep 2006 11:59:36 -0400
Cc: Andy Bierman <ietf@andybierman.com>, Vincent Cridlig <vincent.cridlig@loria.fr>, "'Netconf (E-mail)'" <netconf@ops.ietf.org>
In-reply-to: Your message of "Mon, 18 Sep 2006 17:43:29 +0200." <450EBEA1.20403@ericsson.com>

Balazs Lengyel writes:
>Does this mean, that in your opinion it is NOT Possible to do access control without the
>information: what is stored already in the datastore?

You shouldn't need the datastore to do access control, but you
might need the schema and the user's permissions.  In JUNOS, we
try to leverage the normal CLI permissions, so if you can't
touch it (or view it) via the CLI, you can't touch/view it in
the API.  The schema that defines the data store contains
this access information, so both the CLI, the API, the web goo,
and whatever else can eat your schema will be able to understand
and enforce your permission scheme.

Thanks,
 Phil

--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>

References:
- Re: Access control
  - From: Balazs Lengyel <balazs.lengyel@ericsson.com>

Prev by Date: Re: Access control
Next by Date: Re: Access control
Previous by thread: Re: Access control
Next by thread: Re: Access control
Index(es):
- Date
- Thread