Unable to provide write access to one group in aaa_init.xml

BVIRMANI · July 9, 2020, 10:55am

How to define an exact rule in aaa_init.xml?

And what does the name tag do ?

I have defined as below, but still it shows access denied for the group

<rule-list>
  <name>group3</name>
  <group>group3</group>
  <rule>
    <name>any-access</name>
    <path>/<module-name>/<container-name></path>
    <access-operations>create update delete read</access-operations>
    <action>permit</action>
  </rule>
  <rule>
    <name><container-name>-access</name>
    <path>/<module>/<container-info></path>
    <access-operations>read</access-operations>
    <action>deny</action>
  </rule>
  <rule>
    <name>read-access</name>
    <path>/</path>
    <access-operations>read exec</access-operations>
    <action>permit</action>
  </rule>
  <rule>
    <name>write-access</name>
    <path>/</path>
    <access-operations>create update delete</access-operations>
    <action>deny</action>
  </rule>
</rule-list>

How to define a rule to allow the read and edit on a particular container defined in the yang file?

mvf · July 10, 2020, 2:25pm

The leaf name serves no semantic role, it’s just a rule identifier; module-name and path are important, with a model like

module: my-mod
  +--rw my-cont

the rule should look like

      <rule>
        <name>rule-id</name>
        <module-name>my-mod</module-name>
        <path>/my-cont</path>
        <access-operations>*</access-operations>
        <action>permit</action>
      </rule>