01-02-2020 03:52 AM - edited 01-02-2020 03:54 AM
Hi All,
I have a action package which should be accessible to particular user.
I created user and group using nacm and then rule list,, which is taking only "/" as path. if i provide path as /restconf/operations, then i see below error in devel log.
Error : "/restconf/operations/ep-api/" in access Rule "epp_admin/api_access" is not valid for URN star.
I have not given star in the path given in nacm.
group epp_admin {
user-name [ eppnso ];
}
rule-list epp_admin
group [ epp_admin ];
rule api_access {
module-name *;
path /restconf/operations/ep-api/;
access-operations create,read,update,delete,exec;
action permit;
context *;
}
cmdrule any-command {
action permit;
}
please let me know if anyone encountered this error before?
Thanks.
Solved! Go to Solution.
01-02-2020 05:02 AM
Hi,
I wasn't able to understand what exactly you're trying to achieve, but 2 comments that might help:
1. I think you can drop the module-name altogether in most cases (I think you might be good with dropping context and access-operations in this case).
2. NACM is mostly API-agnostic, so when you provide the path inside a rule, you typically include the data model path, rather than anything related to the interface to be used (e.g. RESTCONF).
So, in this case, your path might be /ep-api, rather than '/restconf/...'
Hope this might help somehow!
01-02-2020 05:02 AM
Hi,
I wasn't able to understand what exactly you're trying to achieve, but 2 comments that might help:
1. I think you can drop the module-name altogether in most cases (I think you might be good with dropping context and access-operations in this case).
2. NACM is mostly API-agnostic, so when you provide the path inside a rule, you typically include the data model path, rather than anything related to the interface to be used (e.g. RESTCONF).
So, in this case, your path might be /ep-api, rather than '/restconf/...'
Hope this might help somehow!
01-04-2020 08:24 PM
Thanks Yftach.
As you said, i removed /restconf/operations and added access to devices. Its working as expected.
Thanks for your quick reply.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide