I have created 3 groups in ConfD. I want each of these to have access to one specific interface. As an example, group1 to have access to netconf, the 2nd to cli, etc.
Till now I have not managed to achieve this.
I create a separate rule-list for each group (one rule-list for admin, another rule-list for group1, another group-list for group 2).
Yes, you can follow something similar to my example as one way to do it. To allow more northbound interfaces to be accessible by a particular group, you can add more rules, one for each type of northbound interface to be permitted, before the deny rule.
In the same rule-list I have two types of rules. One, as above, which allows/denies access on interfaces, and a second type which allows access to specific leafs of the YANG tree model.
However, both rules do not work at the same time. I think it is the order of the rules. Is there a specific order for the rules so that all of them are applied?
As defined in ietf-netconf-acm.yang, the rules in a rule-list are processed as follows:
    list rule {
      key "name";
      ordered-by user;
      description
        "One access control rule.
         Rules are processed in user-defined order until a match is
         found. A rule matches if 'module-name', 'rule-type', and
         'access-operations' match the request. If a rule
         matches, the 'action' leaf determines if access is granted
         or not.";
Continuing from the example aaa_init.xml as described in my previous posting, you should define the data access rules for a particular context before denying access to other contexts.
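The first-match behaviour quoted from ietf-netconf-acm.yang, modelled as a small added example that is not part of the thread or of ConfD itself. The `Rule` fields, the `context` match per northbound interface, the rule names and the `/interfaces` path are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                        # "permit" or "deny"
    context: str = "*"                 # assumed interface match: "netconf", "cli" or "*"
    path: str = "*"                    # data-node subtree; "*" matches any node
    ops: frozenset = frozenset({"*"})  # access operations; "*" matches all

def matches(rule, context, path, op):
    """True if the rule applies to this request."""
    if rule.context not in ("*", context):
        return False
    if rule.path != "*" and path != rule.path and not path.startswith(rule.path + "/"):
        return False
    return "*" in rule.ops or op in rule.ops

def evaluate(rules, context, path, op):
    """Return (action, rule name) of the first matching rule, else (None, None)."""
    for rule in rules:  # 'ordered-by user': list order is evaluation order
        if matches(rule, context, path, op):
            return rule.action, rule.name
    return None, None   # no rule matched: NACM falls back to its *-default leafs

# Constructed sample rules for one group
permit_leaf = Rule("permit-interfaces", "permit", "netconf", "/interfaces",
                   frozenset({"read"}))
deny_rest = Rule("deny-rest", "deny")

BROKEN = [deny_rest, permit_leaf]  # catch-all deny matches first and shadows the data rule
FIXED = [permit_leaf, deny_rest]   # data access rule first, deny last

if __name__ == "__main__":
    for label, rules in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, evaluate(rules, "netconf", "/interfaces/interface", "read"))
```
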