Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
395
Views
0
Helpful
3
Replies

NACM rule per-leaf content

previousqna
Level 5
Level 5

‎05-10-2017 01:35 AM - edited ‎03-01-2019 03:49 AM

Hi experts,

Suppose that we have an enumeration-type leaf which has 4 possible values: val1, val2, val3, val4.

Is it possible to create a NACM rule that will allow some groups (say, grp1, grp2, grp3) to set the leaf to val1, val2, val3, but will allow only grp1 to set the leaf value to val4?

If so, how?

If not, can you think of an alternative to NACM to allow this behavior?

Thanks,

Labels:
0 Helpful
3 Replies 3

previousqna
Level 5
Level 5

‎05-10-2017 01:35 AM

I believe your request is more of a policy rather than a NACM rule. Unfortunately, a policy applies to all users.

A possible solution is to perform stacked services where you have two services that set the value:

  • Service1 runs to set the values to val1, val2 and val3, while Service 2 set the value to val4.
  • The top service applies either Service1 or Service2, depending on the value to be set.
  • NACM rules governs the creation of Service1 and Service2 to the correct groups.
0 Helpful

previousqna
Level 5
Level 5
In response to previousqna

‎05-10-2017 01:35 AM

Thank you for the suggestion!

0 Helpful

previousqna
Level 5
Level 5
In response to previousqna

‎05-10-2017 01:35 AM

I should mention that I have had many discussions with engineering to see how we could create more advance NACM rules that include so sort of policy in them (or conversely a user-aware policy).

The problem we face is performance. We have not found the way to create them without affecting the performance of the platform.

0 Helpful
Customers Also Viewed These Support Documents