If the read-only-user is used, a NACM error is launched, which is correct:
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
<rpc-error>
<error-type>protocol</error-type>
<error-tag>access-denied</error-tag>
<error-severity>error</error-severity>
<error-path>/ietf-netconf:copy-config</error-path>
<error-message xml:lang="en">Executing the operation is denied because "netconf-ro" NACM authorization failed.</error-message>
</rpc-error>
</rpc-reply>]]>]]>
But if the operator-user sends the RPC, it is processed and everything is deleted in the running datastore. This should not happen, as the operator-user only has read permissions for ietf-netconf-server, so the RPC should fail.
Problem:
Scenario:
ARG V_LIBYANG=395a7d9
ARG V_LIBSSH=0.9.6
ARG V_LIBNETCONF2=2.1.31
Test details:
And the following copy-config RPC is used for the tests: