NetConf Access Control Model User Guide
Overview
The NETCONF Access Control Model (NACM) provides a standardized framework for managing user access and permissions within the NETCONF environment. It defines how access to configuration and operational data is controlled, ensuring that only authorized users or groups can view, modify, or execute specific operations on the device.
NACM enables administrators to define fine-grained permissions for different users through both rule-based and group-based access control. It governs which RPCs and configuration data can be viewed or modified. It supports multiple rule types that apply to modules, protocol operations, data nodes, and notifications to offer flexible and precise policy enforcement.
By applying NACM, network devices can be managed more securely and consistently. It helps prevent unauthorized configuration changes, ensures compliance with organizational policies, and aligns with Internet Engineering Task Force (IETF) security standards for the NETCONF protocol.
Feature Characteristics
• NACM manages role-specific permissions to read, write, and execute operations on network devices.
• User and Group Management:
    • ROOT: The root user is a super user with unrestricted access.
    • admin/ocnos User: The admin and ocnos users belong to the PRIV1 group, which has all permissions. They can create groups, add users to a group, and configure NACM rules for those groups.
• Restricted Operations: Only PRIV1 group users (admin/ocnos) and the root user can perform copy-config and delete-config operations.
• Configuration Persistence: To ensure NACM configurations are retained across reboots, admin and ocnos users must perform the <copy-config> operation with source=running and target=startup.
• The super user root has unrestricted access and is not bound by NACM rules. Any NetConf session established with the root user is considered a recovery session. During recovery, the root user can create, delete, or update one or more NACM rules to bring the device back to a stable state.
• The admin/ocnos users belong to the PRIV1 group, which has full access permissions through a NACM rule that grants complete privileges to this group. During recovery, the admin/ocnos user can also create, delete, or update one or more NACM rules to restore system stability, provided the PRIV1 rule itself is not deleted.
• The root, admin and ocnos users can execute the delete-config target=startup operation to restore the startup configuration to its default state during recovery scenarios.
• NACM is implemented as a YANG module (ietf-netconf-acm) and works with NetConf servers to dynamically enforce access controls.
• Rule-Based Access Control: Access is controlled based on the following rule components:
    • Target: Specifies the data nodes, RPCs, or notifications to which the rule applies.
    • Action: Defines whether access is permitted or denied.
    • User/Group: Identifies the entity to which the rule applies.
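The following is an added example, not taken from this guide or from the device software. It shows how the three rule components combine when an RPC is checked, using the first-match order that RFC 8341 defines for ietf-netconf-acm and covering protocol-operation rules only. The policy, the `readonly` group, the user `alice` and the function name are assumptions; data-node rules, notification rules and YANG default-deny annotations are not modelled.

```python
import xml.etree.ElementTree as ET

NS = {"n": "urn:ietf:params:xml:ns:yang:ietf-netconf-acm"}

# Constructed sample policy: group, user and rule names are assumptions.
NACM_XML = """
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
  <exec-default>deny</exec-default>
  <groups>
    <group><name>readonly</name><user-name>alice</user-name></group>
  </groups>
  <rule-list>
    <name>readonly-rules</name>
    <group>readonly</group>
    <rule>
      <name>deny-edit</name><module-name>ietf-netconf</module-name>
      <rpc-name>edit-config</rpc-name>
      <access-operations>exec</access-operations><action>deny</action>
    </rule>
    <rule>
      <name>allow-get</name><module-name>ietf-netconf</module-name>
      <rpc-name>get</rpc-name>
      <access-operations>exec</access-operations><action>permit</action>
    </rule>
  </rule-list>
</nacm>
"""

def rpc_decision(user, module, rpc, policy_xml=NACM_XML):
    """Return 'permit' or 'deny' for executing an RPC (first matching rule wins)."""
    if user == "root":  # per the guide: root is not bound by NACM rules
        return "permit"
    nacm = ET.fromstring(policy_xml)
    # User/Group: collect the groups this user belongs to.
    mine = {g.findtext("n:name", None, NS) for g in nacm.findall("n:groups/n:group", NS)
            if user in [u.text for u in g.findall("n:user-name", NS)]}
    for rule_list in nacm.findall("n:rule-list", NS):
        listed = {g.text for g in rule_list.findall("n:group", NS)}
        if "*" not in listed and not (mine & listed):
            continue  # this rule-list does not apply to the user
        for rule in rule_list.findall("n:rule", NS):
            if rule.find("n:path", NS) is not None or rule.find("n:notification-name", NS) is not None:
                continue  # data-node and notification rules are out of scope here
            ops = rule.findtext("n:access-operations", "*", NS).split()
            if (rule.findtext("n:module-name", "*", NS) in ("*", module)  # Target
                    and rule.findtext("n:rpc-name", "*", NS) in ("*", rpc)
                    and ("*" in ops or "exec" in ops)):
                return rule.findtext("n:action", None, NS)  # Action: permit or deny
    return nacm.findtext("n:exec-default", "permit", NS)  # no rule matched
```

With `exec-default` set to `deny`, any RPC without an explicit permit rule is refused, so a user who belongs to no group, or a group member calling an unlisted RPC, gets `deny`.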
Role-to-Permission Mapping in NACM
| Role/User | Group | Permissions |
|---|---|---|
| Root | None | Full unrestricted access to all NetConf operations and configurations. |
| admin/ocnos | PRIV1 | Full access, including privileged operations like copy-config and delete-config. The admin and ocnos users belong to the PRIV1 group. |
| Other Users | Custom | Access defined by group-specific NACM rules (for example: read-only, limited RPCs). |