Question related authorization rules

YANG
1

Hi,

I have a question regarding AAA.xml rules.
I have a rule for the content of the list ss7-m3ua-rec

<rule-list>
      <name>any-group</name>
      <group>*</group>
      <rule>
        <name>deny-ss7-m3ua</name>
        <module-name>test-structure</module-name>
        <path>/application-interfaces/ss7/ss7-m3ua/ss7-m3ua-rec/*</path>
	<access-operations>update delete</access-operations>
        <action>deny</action>
      </rule>
</rule-list>

My question is that if the denial of deletion apply to keys of the list too.
As the path is set as /interfaces/ss7/ss7-m3ua/ss7-m3ua-rec/*
The ’ * ’ means that the rule applies to all childs of the list ss7-m3ua-rec.
But is seems that when I send a netconf message I can delete records of the list by deleting
key values.

Br,
Thomas

2

List keys are not children of the list entry, they are part of the list entry.
Hence, if you want your rule to apply to the list entry itself you need to remove the “/*” part from your path. I.e. “/interfaces/ss7/ss7-m3ua/ss7-m3ua-rec”