ConfD User Community

Restrict user in changing the value of leaf once committed


#1

Hi All,

i am trying to create a restriction where there is a enum in a list with default as “0”. Once user commits the initial configuration, we don’t want the user to modify the content of that enum. In the following example, when user creates new “connection”, option will show as “http/https”. Then user should be able to change as per wish. But once he commits that change, he shouldn’t be allowed to change it. Is it possible to keep this retriction in data-model?

enum security {
	http = 0,
	https = 1
};

list connection {
	leaf option {
		type security;
		default http;
	}

	leaf site {
		type string;
		mandatory true;
	}

}

#2

Hi,

You can’t keep such a restriction in the data model. The purpose of validation is to validate that the new configuration is correct. Not the operation.

From the ConfD UG:

Attempting to validate the operations instead of the resulting configuration can also lead to problems with loading config backups or doing rollbacks. The old configuration that should be applied as a result of such actions is obviously valid (as long as the logical constraints have not changed), but validation logic that rejects specific changes to the configuration may still result in that configuration being rejected.

Perhaps you instead want to create a NACM rule for that user and change that NACM rule to deny changes to that leaf from a CDB subscriber?