Is there a way to provide excluded list of paths for maapi_save_config


I am using maapi_save_config to save configurations. I would like to exclude few paths from getting saved,
Is there a way to do so? Could you please provide an example

or it is also fine if maapi_load_config can skip a list of configs while loading


Not really. But there may be some other options, depending on what you are trying to achieve:

  • If there are paths that are supposed to be simply inaccessible to users, you may use tailf:hidden in the data model to make them so and those paths are then removed from maapi_save_config output, or you can use hiding flags to remove them. See the documentation.

  • If those paths are inaccessible only to some users, it is a job for NACM; and if you have NACM configured accordingly, just make sure you start the user session with the right user and context other than "system".

  • If none of those apply, you can still edit the data once you have it. When you save data in the XML format, it is definitely doable via XSL transforms.

Thanks for quick reply. It helps.

hi @mvf

Is there any way to get more info when maapi_load_config fails in code? I see it is giving only “access denied” when confd_lasterr & confd_strerror are printed due to NACM rules.


E very access attempt rejected due to NACM is logged in devel.log, provided you have developerLogLevel set to trace. If you want also permitted accesses to be logged, create instances of leaves log-if-default-permit and log-if-permit - see tailf-nacm.yang.

yeah i tried it. i am worried if any other un necessary or flood of logs in devel.log if i set developerLogLevel to trace.

I would not call it “flood of logs” but yes, devel.log might be chatty if the level is set to trace; I guess you need to test for yourself what is acceptable. Another option is that one of your daemons subscribes to CONFD_NOTIF_DEVEL events, filters out DEVEL_AAA, and logs only these. See the misc/notifications example for how to subscribe to events.

sure @mvf . Thank you