| SNMP-VIEW-BASED-ACM-MIB DEFINITIONS ::= BEGIN |
| |
| IMPORTS |
| MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF |
| MODULE-IDENTITY, OBJECT-TYPE, |
| snmpModules FROM SNMPv2-SMI |
| TestAndIncr, |
| RowStatus, StorageType FROM SNMPv2-TC |
| SnmpAdminString, |
| SnmpSecurityLevel, |
| SnmpSecurityModel FROM SNMP-FRAMEWORK-MIB; |
| |
| snmpVacmMIB MODULE-IDENTITY |
| LAST-UPDATED "200210160000Z" -- 16 Oct 2002, midnight |
| ORGANIZATION "SNMPv3 Working Group" |
| CONTACT-INFO "WG-email: snmpv3@lists.tislabs.com |
| Subscribe: majordomo@lists.tislabs.com |
| In message body: subscribe snmpv3 |
| |
| Co-Chair: Russ Mundy |
| Network Associates Laboratories |
| postal: 15204 Omega Drive, Suite 300 |
| Rockville, MD 20850-4601 |
| USA |
| email: mundy@tislabs.com |
| phone: +1 301-947-7107 |
| |
| Co-Chair: David Harrington |
| Enterasys Networks |
| Postal: 35 Industrial Way |
| P. O. Box 5004 |
| Rochester, New Hampshire 03866-5005 |
| USA |
| EMail: dbh@enterasys.com |
| Phone: +1 603-337-2614 |
| |
| Co-editor: Bert Wijnen |
| Lucent Technologies |
| postal: Schagen 33 |
| 3461 GL Linschoten |
| Netherlands |
| email: bwijnen@lucent.com |
| phone: +31-348-480-685 |
| |
| Co-editor: Randy Presuhn |
| BMC Software, Inc. |
| postal: 2141 North First Street |
| San Jose, CA 95131 |
| USA |
| email: randy_presuhn@bmc.com |
| phone: +1 408-546-1006 |
| |
| Co-editor: Keith McCloghrie |
| Cisco Systems, Inc. |
| postal: 170 West Tasman Drive |
| San Jose, CA 95134-1706 |
| USA |
| email: kzm@cisco.com |
| phone: +1-408-526-5260 |
| " |
| DESCRIPTION "The management information definitions for the |
| View-based Access Control Model for SNMP. |
| |
| Copyright (C) The Internet Society (2002). This |
| version of this MIB module is part of RFC 3415; |
| see the RFC itself for full legal notices. |
| " |
| -- Revision history |
| |
| REVISION "200210160000Z" -- 16 Oct 2002, midnight |
| DESCRIPTION "Clarifications, published as RFC3415" |
| |
| REVISION "199901200000Z" -- 20 Jan 1999, midnight |
| DESCRIPTION "Clarifications, published as RFC2575" |
| |
| REVISION "199711200000Z" -- 20 Nov 1997, midnight |
| DESCRIPTION "Initial version, published as RFC2275" |
| ::= { snmpModules 16 } |
| |
| -- Administrative assignments **************************************** |
| |
| vacmMIBObjects OBJECT IDENTIFIER ::= { snmpVacmMIB 1 } |
| vacmMIBConformance OBJECT IDENTIFIER ::= { snmpVacmMIB 2 } |
| |
| -- Information about Local Contexts ********************************** |
| |
| vacmContextTable OBJECT-TYPE |
| SYNTAX SEQUENCE OF VacmContextEntry |
| MAX-ACCESS not-accessible |
| STATUS current |
| DESCRIPTION "The table of locally available contexts. |
| |
| This table provides information to SNMP Command |
| Generator applications so that they can properly |
| configure the vacmAccessTable to control access to |
| all contexts at the SNMP entity. |
| |
| This table may change dynamically if the SNMP entity |
| allows that contexts are added/deleted dynamically |
| (for instance when its configuration changes). Such |
| changes would happen only if the management |
| instrumentation at that SNMP entity recognizes more |
| (or fewer) contexts. |
| |
| The presence of entries in this table and of entries |
| in the vacmAccessTable are independent. That is, a |
| context identified by an entry in this table is not |
| necessarily referenced by any entries in the |
| vacmAccessTable; and the context(s) referenced by an |
| entry in the vacmAccessTable does not necessarily |
| currently exist and thus need not be identified by an |
| entry in this table. |
| |
| This table must be made accessible via the default |
| context so that Command Responder applications have |
| a standard way of retrieving the information. |
| |
| This table is read-only. It cannot be configured via |
| SNMP. |
| " |
| ::= { vacmMIBObjects 1 } |
| |
| vacmContextEntry OBJECT-TYPE |
| SYNTAX VacmContextEntry |
| MAX-ACCESS not-accessible |
| STATUS current |
| DESCRIPTION "Information about a particular context." |
| INDEX { |
| vacmContextName |
| } |
| ::= { vacmContextTable 1 } |
| |
| VacmContextEntry ::= SEQUENCE |
| { |
| vacmContextName SnmpAdminString |
| } |
| |
| vacmContextName OBJECT-TYPE |
| SYNTAX SnmpAdminString (SIZE(0..32)) |
| MAX-ACCESS read-only |
| STATUS current |
| DESCRIPTION "A human readable name identifying a particular |
| context at a particular SNMP entity. |
| |
| The empty contextName (zero length) represents the |
| default context. |
| " |
| ::= { vacmContextEntry 1 } |
| |
| -- Information about Groups ****************************************** |
| |
| vacmSecurityToGroupTable OBJECT-TYPE |
| SYNTAX SEQUENCE OF VacmSecurityToGroupEntry |
| MAX-ACCESS not-accessible |
| STATUS current |
| DESCRIPTION "This table maps a combination of securityModel and |
| securityName into a groupName which is used to define |
| an access control policy for a group of principals. |
| " |
| ::= { vacmMIBObjects 2 } |
| |
| vacmSecurityToGroupEntry OBJECT-TYPE |
| SYNTAX VacmSecurityToGroupEntry |
| MAX-ACCESS not-accessible |
| STATUS current |
| DESCRIPTION "An entry in this table maps the combination of a |
| securityModel and securityName into a groupName. |
| " |
| INDEX { |
| vacmSecurityModel, |
| vacmSecurityName |
| } |
| ::= { vacmSecurityToGroupTable 1 } |
| |
| VacmSecurityToGroupEntry ::= SEQUENCE |
| { |
| vacmSecurityModel SnmpSecurityModel, |
| vacmSecurityName SnmpAdminString, |
| vacmGroupName SnmpAdminString, |
| vacmSecurityToGroupStorageType StorageType, |
| vacmSecurityToGroupStatus RowStatus |
| } |
| |
| vacmSecurityModel OBJECT-TYPE |
| SYNTAX SnmpSecurityModel(1..2147483647) |
| MAX-ACCESS not-accessible |
| STATUS current |
| DESCRIPTION "The Security Model, by which the vacmSecurityName |
| referenced by this entry is provided. |
| |
| Note, this object may not take the 'any' (0) value. |
| " |
| ::= { vacmSecurityToGroupEntry 1 } |
| |
| vacmSecurityName OBJECT-TYPE |
| SYNTAX SnmpAdminString (SIZE(1..32)) |
| MAX-ACCESS not-accessible |
| STATUS current |
| DESCRIPTION "The securityName for the principal, represented in a |
| Security Model independent format, which is mapped by |
| this entry to a groupName. |
| " |
| ::= { vacmSecurityToGroupEntry 2 } |
| |
| vacmGroupName OBJECT-TYPE |
| SYNTAX SnmpAdminString (SIZE(1..32)) |
| MAX-ACCESS read-create |
| STATUS current |
| DESCRIPTION "The name of the group to which this entry (e.g., the |
| combination of securityModel and securityName) |
| belongs. |
| |
| This groupName is used as index into the |
| vacmAccessTable to select an access control policy. |
| However, a value in this table does not imply that an |
| instance with the value exists in table vacmAccessTable. |
| " |
| ::= { vacmSecurityToGroupEntry 3 } |
| |
| vacmSecurityToGroupStorageType OBJECT-TYPE |
| SYNTAX StorageType |
| MAX-ACCESS read-create |
| STATUS current |
| DESCRIPTION "The storage type for this conceptual row. |
| Conceptual rows having the value 'permanent' need not |
| allow write-access to any columnar objects in the row. |
| " |
| DEFVAL { nonVolatile } |
| ::= { vacmSecurityToGroupEntry 4 } |
| |
| vacmSecurityToGroupStatus OBJECT-TYPE |
| SYNTAX RowStatus |
| MAX-ACCESS read-create |
| STATUS current |
| DESCRIPTION "The status of this conceptual row. |
| |
| Until instances of all corresponding columns are |
| appropriately configured, the value of the |
| corresponding instance of the vacmSecurityToGroupStatus |
| column is 'notReady'. |
| |
| In particular, a newly created row cannot be made |
| active until a value has been set for vacmGroupName. |
| |
| The RowStatus TC [RFC2579] requires that this |
| DESCRIPTION clause states under which circumstances |
| other objects in this row can be modified: |
| |
| The value of this object has no effect on whether |
| other objects in this conceptual row can be modified. |
| " |
| ::= { vacmSecurityToGroupEntry 5 } |
| |
| -- Information about Access Rights *********************************** |
| |
| vacmAccessTable OBJECT-TYPE |
| SYNTAX SEQUENCE OF VacmAccessEntry |
| MAX-ACCESS not-accessible |
| STATUS current |
| DESCRIPTION "The table of access rights for groups. |
| |
| Each entry is indexed by a groupName, a contextPrefix, |
| a securityModel and a securityLevel. To determine |
| whether access is allowed, one entry from this table |
| needs to be selected and the proper viewName from that |
| entry must be used for access control checking. |
| |
| To select the proper entry, follow these steps: |
| |
| 1) the set of possible matches is formed by the |
| intersection of the following sets of entries: |
| |
| the set of entries with identical vacmGroupName |
| the union of these two sets: |
| - the set with identical vacmAccessContextPrefix |
| - the set of entries with vacmAccessContextMatch |
| value of 'prefix' and matching |
| vacmAccessContextPrefix |
| intersected with the union of these two sets: |
| - the set of entries with identical |
| vacmSecurityModel |
| - the set of entries with vacmSecurityModel |
| value of 'any' |
| intersected with the set of entries with |
| vacmAccessSecurityLevel value less than or equal |
| to the requested securityLevel |
| |
| 2) if this set has only one member, we're done |
| otherwise, it comes down to deciding how to weight |
| the preferences between ContextPrefixes, |
| SecurityModels, and SecurityLevels as follows: |
| a) if the subset of entries with securityModel |
| matching the securityModel in the message is |
| not empty, then discard the rest. |
| b) if the subset of entries with |
| vacmAccessContextPrefix matching the contextName |
| in the message is not empty, |
| then discard the rest |
| c) discard all entries with ContextPrefixes shorter |
| than the longest one remaining in the set |
| d) select the entry with the highest securityLevel |
| |
| Please note that for securityLevel noAuthNoPriv, all |
| groups are really equivalent since the assumption that |
| the securityName has been authenticated does not hold. |
| " |
| ::= { vacmMIBObjects 4 } |
| |
| vacmAccessEntry OBJECT-TYPE |
| SYNTAX VacmAccessEntry |
| MAX-ACCESS not-accessible |
| STATUS current |
| DESCRIPTION "An access right configured in the Local Configuration |
| Datastore (LCD) authorizing access to an SNMP context. |
| |
| Entries in this table can use an instance value for |
| object vacmGroupName even if no entry in table |
| vacmAccessSecurityToGroupTable has a corresponding |
| value for object vacmGroupName. |
| " |
| INDEX { vacmGroupName, |
| vacmAccessContextPrefix, |
| vacmAccessSecurityModel, |
| vacmAccessSecurityLevel |
| } |
| ::= { vacmAccessTable 1 } |
| |
| VacmAccessEntry ::= SEQUENCE |
| { |
| vacmAccessContextPrefix SnmpAdminString, |
| vacmAccessSecurityModel SnmpSecurityModel, |
| vacmAccessSecurityLevel SnmpSecurityLevel, |
| vacmAccessContextMatch INTEGER, |
| vacmAccessReadViewName SnmpAdminString, |
| vacmAccessWriteViewName SnmpAdminString, |
| vacmAccessNotifyViewName SnmpAdminString, |
| vacmAccessStorageType StorageType, |
| vacmAccessStatus RowStatus |
| } |
| |
| vacmAccessContextPrefix OBJECT-TYPE |
| SYNTAX SnmpAdminString (SIZE(0..32)) |
| MAX-ACCESS not-accessible |
| STATUS current |
| DESCRIPTION "In order to gain the access rights allowed by this |
| conceptual row, a contextName must match exactly |
| (if the value of vacmAccessContextMatch is 'exact') |
| or partially (if the value of vacmAccessContextMatch |
| is 'prefix') to the value of the instance of this |
| object. |
| " |
| ::= { vacmAccessEntry 1 } |
| |
| vacmAccessSecurityModel OBJECT-TYPE |
| SYNTAX SnmpSecurityModel |
| MAX-ACCESS not-accessible |
| STATUS current |
| DESCRIPTION "In order to gain the access rights allowed by this |
| conceptual row, this securityModel must be in use. |
| " |
| ::= { vacmAccessEntry 2 } |
| |
| vacmAccessSecurityLevel OBJECT-TYPE |
| SYNTAX SnmpSecurityLevel |
| MAX-ACCESS not-accessible |
| STATUS current |
| DESCRIPTION "The minimum level of security required in order to |
| gain the access rights allowed by this conceptual |
| row. A securityLevel of noAuthNoPriv is less than |
| authNoPriv which in turn is less than authPriv. |
| |
| If multiple entries are equally indexed except for |
| this vacmAccessSecurityLevel index, then the entry |
| which has the highest value for |
| vacmAccessSecurityLevel is selected. |
| " |
| ::= { vacmAccessEntry 3 } |
| |
| vacmAccessContextMatch OBJECT-TYPE |
| SYNTAX INTEGER |
| { exact (1), -- exact match of prefix and contextName |
| prefix (2) -- Only match to the prefix |
| } |
| MAX-ACCESS read-create |
| STATUS current |
| DESCRIPTION "If the value of this object is exact(1), then all |
| rows where the contextName exactly matches |
| vacmAccessContextPrefix are selected. |
| |
| If the value of this object is prefix(2), then all |
| rows where the contextName whose starting octets |
| exactly match vacmAccessContextPrefix are selected. |
| This allows for a simple form of wildcarding. |
| " |
| DEFVAL { exact } |
| ::= { vacmAccessEntry 4 } |
| |
| vacmAccessReadViewName OBJECT-TYPE |
| SYNTAX SnmpAdminString (SIZE(0..32)) |
| MAX-ACCESS read-create |
| STATUS current |
| DESCRIPTION "The value of an instance of this object identifies |
| the MIB view of the SNMP context to which this |
| conceptual row authorizes read access. |
| |
| The identified MIB view is that one for which the |
| vacmViewTreeFamilyViewName has the same value as the |
| instance of this object; if the value is the empty |
| string or if there is no active MIB view having this |
| value of vacmViewTreeFamilyViewName, then no access |
| is granted. |
| " |
| DEFVAL { ''H } -- the empty string |
| ::= { vacmAccessEntry 5 } |
| |
| vacmAccessWriteViewName OBJECT-TYPE |
| SYNTAX SnmpAdminString (SIZE(0..32)) |
| MAX-ACCESS read-create |
| STATUS current |
| DESCRIPTION "The value of an instance of this object identifies |
| the MIB view of the SNMP context to which this |
| conceptual row authorizes write access. |
| |
| The identified MIB view is that one for which the |
| vacmViewTreeFamilyViewName has the same value as the |
| instance of this object; if the value is the empty |
| string or if there is no active MIB view having this |
| value of vacmViewTreeFamilyViewName, then no access |
| is granted. |
| " |
| DEFVAL { ''H } -- the empty string |
| ::= { vacmAccessEntry 6 } |
| |
| vacmAccessNotifyViewName OBJECT-TYPE |
| SYNTAX SnmpAdminString (SIZE(0..32)) |
| MAX-ACCESS read-create |
| STATUS current |
| DESCRIPTION "The value of an instance of this object identifies |
| the MIB view of the SNMP context to which this |
| conceptual row authorizes access for notifications. |
| |
| The identified MIB view is that one for which the |
| vacmViewTreeFamilyViewName has the same value as the |
| instance of this object; if the value is the empty |
| string or if there is no active MIB view having this |
| value of vacmViewTreeFamilyViewName, then no access |
| is granted. |
| " |
| DEFVAL { ''H } -- the empty string |
| ::= { vacmAccessEntry 7 } |
| |
| vacmAccessStorageType OBJECT-TYPE |
| SYNTAX StorageType |
| MAX-ACCESS read-create |
| STATUS current |
| DESCRIPTION "The storage type for this conceptual row. |
| |
| Conceptual rows having the value 'permanent' need not |
| allow write-access to any columnar objects in the row. |
| " |
| DEFVAL { nonVolatile } |
| ::= { vacmAccessEntry 8 } |
| |
| vacmAccessStatus OBJECT-TYPE |
| SYNTAX RowStatus |
| MAX-ACCESS read-create |
| STATUS current |
| DESCRIPTION "The status of this conceptual row. |
| |
| The RowStatus TC [RFC2579] requires that this |
| DESCRIPTION clause states under which circumstances |
| other objects in this row can be modified: |
| |
| The value of this object has no effect on whether |
| other objects in this conceptual row can be modified. |
| " |
| ::= { vacmAccessEntry 9 } |
| |
| -- Information about MIB views *************************************** |
| |
| -- Support for instance-level granularity is optional. |
| -- |
| -- In some implementations, instance-level access control |
| -- granularity may come at a high performance cost. Managers |
| -- should avoid requesting such configurations unnecessarily. |
| |
| vacmMIBViews OBJECT IDENTIFIER ::= { vacmMIBObjects 5 } |
| |
| vacmViewSpinLock OBJECT-TYPE |
| SYNTAX TestAndIncr |
| MAX-ACCESS read-write |
| STATUS current |
| DESCRIPTION "An advisory lock used to allow cooperating SNMP |
| Command Generator applications to coordinate their |
| use of the Set operation in creating or modifying |
| views. |
| |
| When creating a new view or altering an existing |
| view, it is important to understand the potential |
| interactions with other uses of the view. The |
| vacmViewSpinLock should be retrieved. The name of |
| the view to be created should be determined to be |
| unique by the SNMP Command Generator application by |
| consulting the vacmViewTreeFamilyTable. Finally, |
| the named view may be created (Set), including the |
| advisory lock. |
| If another SNMP Command Generator application has |
| altered the views in the meantime, then the spin |
| lock's value will have changed, and so this creation |
| will fail because it will specify the wrong value for |
| the spin lock. |
| |
| Since this is an advisory lock, the use of this lock |
| is not enforced. |
| " |
| ::= { vacmMIBViews 1 } |
| |
| vacmViewTreeFamilyTable OBJECT-TYPE |
| SYNTAX SEQUENCE OF VacmViewTreeFamilyEntry |
| MAX-ACCESS not-accessible |
| STATUS current |
| DESCRIPTION "Locally held information about families of subtrees |
| within MIB views. |
| |
| Each MIB view is defined by two sets of view subtrees: |
| - the included view subtrees, and |
| - the excluded view subtrees. |
| Every such view subtree, both the included and the |
| excluded ones, is defined in this table. |
| |
| To determine if a particular object instance is in |
| a particular MIB view, compare the object instance's |
| OBJECT IDENTIFIER with each of the MIB view's active |
| entries in this table. If none match, then the |
| object instance is not in the MIB view. If one or |
| more match, then the object instance is included in, |
| or excluded from, the MIB view according to the |
| value of vacmViewTreeFamilyType in the entry whose |
| value of vacmViewTreeFamilySubtree has the most |
| sub-identifiers. If multiple entries match and have |
| the same number of sub-identifiers (when wildcarding |
| is specified with the value of vacmViewTreeFamilyMask), |
| then the lexicographically greatest instance of |
| vacmViewTreeFamilyType determines the inclusion or |
| exclusion. |
| |
| An object instance's OBJECT IDENTIFIER X matches an |
| active entry in this table when the number of |
| sub-identifiers in X is at least as many as in the |
| value of vacmViewTreeFamilySubtree for the entry, |
| and each sub-identifier in the value of |
| vacmViewTreeFamilySubtree matches its corresponding |
| sub-identifier in X. Two sub-identifiers match |
| either if the corresponding bit of the value of |
| vacmViewTreeFamilyMask for the entry is zero (the |
| 'wild card' value), or if they are equal. |
| |
| A 'family' of subtrees is the set of subtrees defined |
| by a particular combination of values of |
| vacmViewTreeFamilySubtree and vacmViewTreeFamilyMask. |
| |
| In the case where no 'wild card' is defined in the |
| vacmViewTreeFamilyMask, the family of subtrees reduces |
| to a single subtree. |
| |
| When creating or changing MIB views, an SNMP Command |
| Generator application should utilize the |
| vacmViewSpinLock to try to avoid collisions. See |
| DESCRIPTION clause of vacmViewSpinLock. |
| |
| When creating MIB views, it is strongly advised that |
| first the 'excluded' vacmViewTreeFamilyEntries are |
| created and then the 'included' entries. |
| |
| When deleting MIB views, it is strongly advised that |
| first the 'included' vacmViewTreeFamilyEntries are |
| deleted and then the 'excluded' entries. |
| |
| If a create for an entry for instance-level access |
| control is received and the implementation does not |
| support instance-level granularity, then an |
| inconsistentName error must be returned. |
| " |
| ::= { vacmMIBViews 2 } |
| |
| vacmViewTreeFamilyEntry OBJECT-TYPE |
| SYNTAX VacmViewTreeFamilyEntry |
| MAX-ACCESS not-accessible |
| STATUS current |
| DESCRIPTION "Information on a particular family of view subtrees |
| included in or excluded from a particular SNMP |
| context's MIB view. |
| |
| Implementations must not restrict the number of |
| families of view subtrees for a given MIB view, |
| except as dictated by resource constraints on the |
| overall number of entries in the |
| vacmViewTreeFamilyTable. |
| |
| If no conceptual rows exist in this table for a given |
| MIB view (viewName), that view may be thought of as |
| consisting of the empty set of view subtrees. |
| " |
| INDEX { vacmViewTreeFamilyViewName, |
| vacmViewTreeFamilySubtree |
| } |
| ::= { vacmViewTreeFamilyTable 1 } |
| |
| VacmViewTreeFamilyEntry ::= SEQUENCE |
| { |
| vacmViewTreeFamilyViewName SnmpAdminString, |
| vacmViewTreeFamilySubtree OBJECT IDENTIFIER, |
| vacmViewTreeFamilyMask OCTET STRING, |
| vacmViewTreeFamilyType INTEGER, |
| vacmViewTreeFamilyStorageType StorageType, |
| vacmViewTreeFamilyStatus RowStatus |
| } |
| |
| vacmViewTreeFamilyViewName OBJECT-TYPE |
| SYNTAX SnmpAdminString (SIZE(1..32)) |
| MAX-ACCESS not-accessible |
| STATUS current |
| DESCRIPTION "The human readable name for a family of view subtrees. |
| " |
| ::= { vacmViewTreeFamilyEntry 1 } |
| |
| vacmViewTreeFamilySubtree OBJECT-TYPE |
| SYNTAX OBJECT IDENTIFIER |
| MAX-ACCESS not-accessible |
| STATUS current |
| DESCRIPTION "The MIB subtree which when combined with the |
| corresponding instance of vacmViewTreeFamilyMask |
| defines a family of view subtrees. |
| " |
| ::= { vacmViewTreeFamilyEntry 2 } |
| |
| vacmViewTreeFamilyMask OBJECT-TYPE |
| SYNTAX OCTET STRING (SIZE (0..16)) |
| MAX-ACCESS read-create |
| STATUS current |
| DESCRIPTION "The bit mask which, in combination with the |
| corresponding instance of vacmViewTreeFamilySubtree, |
| defines a family of view subtrees. |
| |
| Each bit of this bit mask corresponds to a |
| sub-identifier of vacmViewTreeFamilySubtree, with the |
| most significant bit of the i-th octet of this octet |
| string value (extended if necessary, see below) |
| corresponding to the (8*i - 7)-th sub-identifier, and |
| the least significant bit of the i-th octet of this |
| octet string corresponding to the (8*i)-th |
| sub-identifier, where i is in the range 1 through 16. |
| |
| Each bit of this bit mask specifies whether or not |
| the corresponding sub-identifiers must match when |
| determining if an OBJECT IDENTIFIER is in this |
| family of view subtrees; a '1' indicates that an |
| exact match must occur; a '0' indicates 'wild card', |
| i.e., any sub-identifier value matches. |
| |
| Thus, the OBJECT IDENTIFIER X of an object instance |
| is contained in a family of view subtrees if, for |
| each sub-identifier of the value of |
| vacmViewTreeFamilySubtree, either: |
| |
| the i-th bit of vacmViewTreeFamilyMask is 0, or |
| |
| the i-th sub-identifier of X is equal to the i-th |
| sub-identifier of the value of |
| vacmViewTreeFamilySubtree. |
| |
| If the value of this bit mask is M bits long and |
| there are more than M sub-identifiers in the |
| corresponding instance of vacmViewTreeFamilySubtree, |
| then the bit mask is extended with 1's to be the |
| required length. |
| |
| Note that when the value of this object is the |
| zero-length string, this extension rule results in |
| a mask of all-1's being used (i.e., no 'wild card'), |
| and the family of view subtrees is the one view |
| subtree uniquely identified by the corresponding |
| instance of vacmViewTreeFamilySubtree. |
| |
| Note that masks of length greater than zero length |
| do not need to be supported. In this case this |
| object is made read-only. |
| " |
| DEFVAL { ''H } |
| ::= { vacmViewTreeFamilyEntry 3 } |
| |
| vacmViewTreeFamilyType OBJECT-TYPE |
| SYNTAX INTEGER { included(1), excluded(2) } |
| MAX-ACCESS read-create |
| STATUS current |
| DESCRIPTION "Indicates whether the corresponding instances of |
| vacmViewTreeFamilySubtree and vacmViewTreeFamilyMask |
| define a family of view subtrees which is included in |
| or excluded from the MIB view. |
| " |
| DEFVAL { included } |
| ::= { vacmViewTreeFamilyEntry 4 } |
| |
| vacmViewTreeFamilyStorageType OBJECT-TYPE |
| SYNTAX StorageType |
| MAX-ACCESS read-create |
| STATUS current |
| DESCRIPTION "The storage type for this conceptual row. |
| |
| Conceptual rows having the value 'permanent' need not |
| allow write-access to any columnar objects in the row. |
| " |
| DEFVAL { nonVolatile } |
| ::= { vacmViewTreeFamilyEntry 5 } |
| |
| vacmViewTreeFamilyStatus OBJECT-TYPE |
| SYNTAX RowStatus |
| MAX-ACCESS read-create |
| STATUS current |
| DESCRIPTION "The status of this conceptual row. |
| |
| The RowStatus TC [RFC2579] requires that this |
| DESCRIPTION clause states under which circumstances |
| other objects in this row can be modified: |
| |
| The value of this object has no effect on whether |
| other objects in this conceptual row can be modified. |
| " |
| ::= { vacmViewTreeFamilyEntry 6 } |
| |
| -- Conformance information ******************************************* |
| |
| vacmMIBCompliances OBJECT IDENTIFIER ::= { vacmMIBConformance 1 } |
| vacmMIBGroups OBJECT IDENTIFIER ::= { vacmMIBConformance 2 } |
| |
| -- Compliance statements ********************************************* |
| |
| vacmMIBCompliance MODULE-COMPLIANCE |
| STATUS current |
| DESCRIPTION "The compliance statement for SNMP engines which |
| implement the SNMP View-based Access Control Model |
| configuration MIB. |
| " |
| MODULE -- this module |
| MANDATORY-GROUPS { vacmBasicGroup } |
| |
| OBJECT vacmAccessContextMatch |
| MIN-ACCESS read-only |
| DESCRIPTION "Write access is not required." |
| |
| OBJECT vacmAccessReadViewName |
| MIN-ACCESS read-only |
| DESCRIPTION "Write access is not required." |
| |
| OBJECT vacmAccessWriteViewName |
| MIN-ACCESS read-only |
| DESCRIPTION "Write access is not required." |
| |
| OBJECT vacmAccessNotifyViewName |
| MIN-ACCESS read-only |
| DESCRIPTION "Write access is not required." |
| |
| OBJECT vacmAccessStorageType |
| MIN-ACCESS read-only |
| DESCRIPTION "Write access is not required." |
| |
| OBJECT vacmAccessStatus |
| MIN-ACCESS read-only |
| DESCRIPTION "Create/delete/modify access to the |
| vacmAccessTable is not required. |
| " |
| |
| OBJECT vacmViewTreeFamilyMask |
| WRITE-SYNTAX OCTET STRING (SIZE (0)) |
| MIN-ACCESS read-only |
| DESCRIPTION "Support for configuration via SNMP of subtree |
| families using wild-cards is not required. |
| " |
| |
| OBJECT vacmViewTreeFamilyType |
| MIN-ACCESS read-only |
| DESCRIPTION "Write access is not required." |
| |
| OBJECT vacmViewTreeFamilyStorageType |
| MIN-ACCESS read-only |
| DESCRIPTION "Write access is not required." |
| |
| OBJECT vacmViewTreeFamilyStatus |
| MIN-ACCESS read-only |
| DESCRIPTION "Create/delete/modify access to the |
| vacmViewTreeFamilyTable is not required. |
| " |
| ::= { vacmMIBCompliances 1 } |
| |
| -- Units of conformance ********************************************** |
| |
| vacmBasicGroup OBJECT-GROUP |
| OBJECTS { |
| vacmContextName, |
| vacmGroupName, |
| vacmSecurityToGroupStorageType, |
| vacmSecurityToGroupStatus, |
| vacmAccessContextMatch, |
| vacmAccessReadViewName, |
| vacmAccessWriteViewName, |
| vacmAccessNotifyViewName, |
| vacmAccessStorageType, |
| vacmAccessStatus, |
| vacmViewSpinLock, |
| vacmViewTreeFamilyMask, |
| vacmViewTreeFamilyType, |
| vacmViewTreeFamilyStorageType, |
| vacmViewTreeFamilyStatus |
| } |
| STATUS current |
| DESCRIPTION "A collection of objects providing for remote |
| configuration of an SNMP engine which implements |
| the SNMP View-based Access Control Model. |
| " |
| ::= { vacmMIBGroups 1 } |
| |
| END |
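
The entry-selection steps in the vacmAccessTable DESCRIPTION and the subtree/mask matching rules in the vacmViewTreeFamilyTable and vacmViewTreeFamilyMask DESCRIPTION clauses, combined into one read-access decision. This is an added example, not part of RFC 3415 or of any SNMP implementation; the class and function names, the sample configuration and the tie-break reading noted in the comments are assumptions.

```python
from dataclasses import dataclass

NOAUTH, AUTHNOPRIV, AUTHPRIV = 1, 2, 3  # SnmpSecurityLevel
ANY_MODEL, USM = 0, 3                   # SnmpSecurityModel: 'any', USM
EXACT, PREFIX = 1, 2                    # vacmAccessContextMatch
INCLUDED, EXCLUDED = 1, 2               # vacmViewTreeFamilyType

@dataclass(frozen=True)
class ViewFamily:                       # one vacmViewTreeFamilyEntry
    view: str
    subtree: tuple
    mask: bytes = b""
    type: int = INCLUDED

@dataclass(frozen=True)
class AccessEntry:                      # one vacmAccessEntry (read view only)
    group: str
    prefix: str
    model: int
    level: int
    match: int = EXACT
    read_view: str = ""

def mask_bit(mask, i):
    """Mask bit for the i-th (0-based) sub-identifier, MSB first; a short
    or empty mask is extended with 1s, as the MIB requires."""
    if i // 8 >= len(mask):
        return 1
    return (mask[i // 8] >> (7 - i % 8)) & 1

def family_matches(fam, oid):
    if len(oid) < len(fam.subtree):
        return False
    return all(mask_bit(fam.mask, i) == 0 or oid[i] == sub
               for i, sub in enumerate(fam.subtree))

def in_view(families, view, oid):
    hits = [f for f in families if f.view == view and family_matches(f, oid)]
    if not hits:
        return False
    # Most sub-identifiers wins; ties go to the greatest subtree (assumed
    # reading of "lexicographically greatest instance").
    best = max(hits, key=lambda f: (len(f.subtree), f.subtree))
    return best.type == INCLUDED

def select_access(entries, group, ctx, model, level):
    # Step 1: intersection of the group, context, securityModel and level sets.
    cand = [e for e in entries
            if e.group == group
            and (e.prefix == ctx or (e.match == PREFIX and ctx.startswith(e.prefix)))
            and e.model in (model, ANY_MODEL)
            and e.level <= level]
    if not cand:
        return None
    cand = [e for e in cand if e.model == model] or cand      # step 2a
    cand = [e for e in cand if e.prefix == ctx] or cand       # step 2b
    longest = max(len(e.prefix) for e in cand)                # step 2c
    cand = [e for e in cand if len(e.prefix) == longest]
    return max(cand, key=lambda e: e.level)                   # step 2d

def can_read(groups, entries, families, model, name, level, ctx, oid):
    group = groups.get((model, name))       # vacmSecurityToGroupTable lookup
    entry = select_access(entries, group, ctx, model, level) if group else None
    # No selected entry or an empty view name: no access is granted.
    return bool(entry and entry.read_view) and in_view(families, entry.read_view, oid)

# Constructed sample configuration (not from RFC 3415).
GROUPS = {(USM, "ops"): "opsGroup"}
ENTRIES = [
    AccessEntry("opsGroup", "", ANY_MODEL, NOAUTH, EXACT, "sysOnly"),
    AccessEntry("opsGroup", "", USM, AUTHPRIV, EXACT, "full"),
    AccessEntry("opsGroup", "bridge", USM, AUTHNOPRIV, PREFIX, "ifRow2"),
]
FAMILIES = [
    ViewFamily("sysOnly", (1, 3, 6, 1, 2, 1, 1)),
    ViewFamily("full", (1, 3, 6, 1)),
    ViewFamily("full", (1, 3, 6, 1, 6, 3, 16), type=EXCLUDED),  # snmpVacmMIB
    # ifEntry.<any column>.2: mask ff a0 wildcards the 10th sub-identifier.
    ViewFamily("ifRow2", (1, 3, 6, 1, 2, 1, 2, 2, 1, 0, 2), bytes([0xFF, 0xA0])),
]
SYS_DESCR = (1, 3, 6, 1, 2, 1, 1, 1, 0)
IF_DESCR_2 = (1, 3, 6, 1, 2, 1, 2, 2, 1, 2, 2)
VACM_ROW = (1, 3, 6, 1, 6, 3, 16, 1, 4, 1, 5)
```

With this configuration the same principal is selected into the `full` view at authPriv but falls back to the `sysOnly` row at authNoPriv, because the `full` row's vacmAccessSecurityLevel exceeds the requested level.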