Hi Team,
We have a CLI command in ConfD configuration mode for removing the database configuration. Is there any way to create a NACM rule to restrict only the execution of the “no database” command in config mode?
admin@orchestrator[TEST-Binding-master]# config
Entering configuration mode terminal
admin@orchestratorTEST-Binding-master# no database
admin@orchestratorTEST-Binding-master#
Thanks,
Vinuta MB
rule data-base-access
 module-name tailf-cps-orchestrator
 path /database/
 access-operations read
 action permit
!
rule data-base-restrict
 module-name tailf-cps-orchestrator
 path /database/
 access-operations delete
 action deny
!
I tried these rules, but they also restrict viewing committed changes under the database module.
Hi Vinuta,
(Off-topic hint: I’d suggest not creating CLI-related topics in the “NETCONF” section of the Forum)
What Daemon version are you using?
What does your data module look like?
Can you find any related log entry in the developer log with /confdConfig/logs/developerLogLevel set to “trace”?
Looking at your rules I’m wondering how trailing slash characters are handled by the ConfD NACM rule processing.
Have you tried to use path value “/database” in the rules? (without the trailing slash)