In RFC-8040 RESTCONF, it is possible to specify from which datastore user would like to read data using query parameter; example:

GET /rests/data/network-topology:network-topology/topology=topology-netconf/node=test/yang-ext:mount/interfaces:interfaces?content=nonconfig

Another example - selection API (fields query parameter):

GET /rests/data/network-topology:network-topology/topology=topology-netconf/node=test/yang-ext:mount/interfaces:interfaces/interface=l0?fields=config,description

It would be great, if it is possible to specify policy that can restrict access to resources based on content of some query parameter.

Use cases:

• allow to read only operational/config data on selected paths for selected users (this was probably possible in DRAFT-02 RESTCONF, since datastore specification is part of URI)
• for selected resources, user must specify fields query parameter that matches some pattern - it is not possible to read 'whole' subtree

Note: Such feature is probably out-of-scope of http://shiro.apache.org/web.html.