How to configure default configs in to cdb_running and as well user cannot modify or delete them

we have a requirement where i have an default acl to be configured and further user shouldn’t be allowed to to modify or delete default acl.
if we using *init.xml it also calls the same hook where we are supposed to put restriction of modification .

we tried cdb apis , but cdb apis are not allowing to write data to CDB_RUNNING.

could you please suggest a way to achieve ??

I’m not sure if I understand your question.

You have initial configuration with ACL in some init xml file.
You want to prevent user to delete this initial ACL configuration, is ti correct?

I think you may check NACM access rules or ConfD authorization callbacks (should be used only on limited set of configuration). See 14.6. Authorization in ConfD User guide.