openconfig
Need a 'class/group' field in the user credentials
As part of user accounts under AuthorizedKeysRequest->AccountCredentials and AuthorizedUsersRequest->UserPolicy, a 'class' field is required to ADD a "new" user account. The 'class' field is of type string that defines a class name. The 'class' is used to associate the user account with the 'class'. The 'class' defines the permissions for the 'user' account. In order to handle "new" user account creation with a 'credentials' configuration pushed through bootz (bootz.proto), a user 'class' is required. Or an acceptable default 'class' will have to be used, where the "default" class has the necessary permissions that can be applied to all user accounts created through RPCs via gnsi-credentialz. Request is to make provision in credentialz.proto to be able to specify a user 'class' under "AccountCredentials" and "UserPolicy".
'class' sounds very vendor specific... there's perhaps another word we could use here? how about 'role' ?
Thanks for getting back on this. 'role' sounds good to me. we can go with that.
On Sat, Dec 28, 2024 at 2:26 PM Chris Morrow @.***> wrote:
'class' sounds very vendor specific... there's perhaps another word we could use here? how about 'role' ?
— Reply to this email directly, view it on GitHub https://github.com/openconfig/gnsi/issues/189#issuecomment-2564412817, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAWSZRYTJ2Q5V7IOODTLWZ32H33PBAVCNFSM6AAAAABUKB5N2CVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKNRUGQYTEOBRG4 . You are receiving this because you authored the thread.Message ID: @.***>