This module contains a collection of YANG definitions for Cisco IOS-XR aaa-nacm package configuration. This module contains def...
Version: 2020-06-01
module Cisco-IOS-XR-aaa-nacm-cfg { yang-version 1; namespace "http://cisco.com/ns/yang/Cisco-IOS-XR-aaa-nacm-cfg"; prefix aaa-nacm-cfg; import Cisco-IOS-XR-types { prefix xr; } import cisco-semver { prefix semver; } organization "Cisco Systems, Inc."; contact "Cisco Systems, Inc. Customer Service Postal: 170 West Tasman Drive San Jose, CA 95134 Tel: +1 800 553-NETS E-mail: cs-yang@cisco.com"; description "This module contains a collection of YANG definitions for Cisco IOS-XR aaa-nacm package configuration. This module contains definitions for the following management objects: nacm: Parameters for NETCONF Access Control Model Copyright (c) 2013-2020 by Cisco Systems, Inc. All rights reserved."; revision "2020-06-01" { description "Change of ordering-index length equal to name length to YANG model."; } revision "2019-04-05" { description "Establish semantic version baseline."; } revision "2017-09-30" { description "Ensure propagation of MDA mandatory state to YANG model."; } revision "2015-11-09" { description "IOS XR 6.0 revision."; } semver:module-version "1.1.0"; semver:module-version "1.0.0"; typedef Nacm-action { type enumeration { enum "permit" { value 0; description "Permit"; } enum "deny" { value 1; description "Deny"; } } description "Nacm action"; } typedef Nacm-rule { type enumeration { enum "protocol-operation" { value 0; description "Protocoloperation"; } enum "data-node" { value 1; description "Datanode"; } enum "notification" { value 2; description "Notification"; } } description "Nacm rule"; } container nacm { description "Parameters for NETCONF Access Control Model"; container groups { description "NETCONF Access Control Groups"; list group { key "group-name"; description "One NACM Group Entry"; leaf group-name { type xr:Cisco-ios-xr-string { length "1..63"; } description "User group name"; } leaf-list user-name { type xr:Cisco-ios-xr-string { length "1..63"; } min-elements 1; max-elements 16; description "User name"; } } // list group } // container groups container rulelist-classes { description "Contains all rule lists of NACM"; list rulelist-class { key "ordering-index rulelist-name"; description "Each rule list of NACM"; container group-names { description "List of groups that will be assigned with the rule"; leaf-list group-name { type xr:Cisco-ios-xr-string { length "1..63"; } max-elements 16; description "Group name"; } } // container group-names container rules { description "Set of rules in a rulelist"; list rule { key "ordering-index rule-name"; description "Each rule in a rulelist"; container rule-type { description "Rule Type associated with this rule"; leaf type { type Nacm-rule; description "Rule Type"; } leaf value { type string { length "1..511"; } description "Rule Value"; } } // container rule-type container access-operations { description "Access operations associated with this rule"; leaf create { type uint32; description "Enable Create"; } leaf read { type uint32; description "Enable Read"; } leaf update { type uint32; description "Enable Update"; } leaf delete { type uint32; description "Enable Delete"; } leaf exec { type uint32; description "Enable Exec"; } leaf all { type uint32; description "Enable All permissions"; } } // container access-operations leaf module-name { type string { length "1..63"; } description "Name of the module associated with this rule"; } leaf action { type Nacm-action; mandatory true; description "The access control action associated with the rule"; } leaf comment { type string { length "1..255"; } description "Textual description of the access rule"; } leaf ordering-index { type xr:Cisco-ios-xr-string { length "1..63"; } description "This is used to sort the rules in the order of precedence"; } leaf rule-name { type xr:Cisco-ios-xr-string { length "1..63"; } description "Rule name"; } } // list rule } // container rules leaf ordering-index { type xr:Cisco-ios-xr-string { length "1..63"; } description "This is used to sort the rulelists in the order of precedence"; } leaf rulelist-name { type xr:Cisco-ios-xr-string { length "1..63"; } description "Rulelist key name"; } } // list rulelist-class } // container rulelist-classes leaf enable-nacm { type boolean; description "Enables or Disables all NETCONF access control enforcement"; } leaf write-default { type Nacm-action; description "Controls write access if no appropriate rule is found"; } leaf exec-default { type Nacm-action; description "Controls exec access if no appropriate rule is found"; } leaf enable-external-groups { type boolean; description "Controls whether the server uses the groups reported by NETCONF transport layer"; } leaf read-default { type Nacm-action; description "Controls read access if no appropriate rule is found"; } } // container nacm } // module Cisco-IOS-XR-aaa-nacm-cfg
© 2023 YumaWorks, Inc. All rights reserved.