From: Andy Bierman <a...@yumaworks.com>
Sent: Wednesday, 23 March, 2022 22:32
To: Balázs Lengyel <balazs.leng...@ericsson.com>
Cc: NetMod WG <netmod@ietf.org>
Subject: Re: [netmod] Alternative approach to draft-ma-netmod-immutable-flag-00



On Wed, Mar 23, 2022 at 2:16 PM Balázs Lengyel 
<balazs.leng...@ericsson.com> wrote:
Hello Andy,
I also propose an extension. (see my mail Review of 
draft-ma-netmod-immutable-flag-00)
In Ericsson we saw no need for exceptions, but do see the need for applying it 
to descendant nodes. Typically we need to protect a full subtree.

Why do you need the exceptions? Could you provide some use-case examples?

I think create/delete-only and modify-only access modes are used the most, 
after no-access.
BALAZS: How is a modify-only data-node different from a mandatory data-node? It 
must be there but can be changed. It gets an initial value somehow.
BALAZS: Any examples of when a create/delete-only data node would be used?

Applying to descendant nodes may be better, or may require more work to
undo the extension used in an ancestor node. This impacts the extension usage 
within a grouping.

BALAZS2: I did not include it in my mail, but we actually have one more rule:
“Top level statements in augment or groupings do NOT inherit
       the static-data value from containing nodes, they default to
       static-data false.”


Regards Balazs

Andy


From: netmod <netmod-boun...@ietf.org> On Behalf Of Andy Bierman
Sent: Wednesday, 23 March, 2022 21:10
To: NetMod WG <netmod@ietf.org>
Subject: [netmod] Alternative approach to draft-ma-netmod-immutable-flag-00

Hi,

IMO the problem should be viewed as a refinement to the
access control policy of the device.  A standard mechanism
such as a YANG extension would be better than a growing
mix of proprietary solutions.

We have such a YANG extension called "user-write" that is widely deployed.
A simple boolean is not fine enough granularity, so a bits type is
needed instead to allow control of create, update, and delete access operations.


https://www.yumaworks.com/pub/latest/yangauto/yumapro-yangauto-guide.html#ncx-user-write


Andy

_______________________________________________
netmod mailing list
netmod@ietf.org
https://www.ietf.org/mailman/listinfo/netmod
