Skip to content

What is the expected behavior for the default-deny-all extension? #1768

New issue
New issue
Open
Open
What is the expected behavior for the default-deny-all extension?#1768
Labels
is:questionIssue is actually a question.
@serega911

Description

@serega911
serega911
opened on Nov 19, 2025

Hi!

In the ietf-netconf-acm.yang, nacm container is marked as nacm:default-deny-all:

  container nacm {
    nacm:default-deny-all;

    description
      "Parameters for NETCONF access control model.";

From my testing I see that it does not add any restriction to the operations I am allowed to perform for this module: I still can read and write values to it via the NETCONF session. Is it a bug? I would expect NETCONF server to reject the configuration.

Could you please clarify whether nacm:default-deny-all has real impact on the operation or it is just informative.

-Sergii

Metadata

Metadata

Assignees

No one assigned

    Labels

    is:questionIssue is actually a question.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions