1SNMP-VIEW-BASED-ACM-MIB(7)            MIB           SNMP-VIEW-BASED-ACM-MIB(7)
2
3
4
5SNMP-VIEW-BASED-ACM-MIB DEFINITIONS ::= BEGIN
6
7IMPORTS
8    MODULE-COMPLIANCE, OBJECT-GROUP       FROM SNMPv2-CONF
9    MODULE-IDENTITY, OBJECT-TYPE,
10    snmpModules                           FROM SNMPv2-SMI
11    TestAndIncr,
12    RowStatus, StorageType                FROM SNMPv2-TC
13    SnmpAdminString,
14    SnmpSecurityLevel,
15    SnmpSecurityModel                     FROM SNMP-FRAMEWORK-MIB;
16
17snmpVacmMIB       MODULE-IDENTITY
18    LAST-UPDATED "9901200000Z"            -- 20 Jan 1999, midnight
19    ORGANIZATION "SNMPv3 Working Group"
20    CONTACT-INFO "WG-email:   snmpv3@tis.com
21                  Subscribe:  majordomo@tis.com
22                              In message body:  subscribe snmpv3
23
24                  Chair:      Russ Mundy
25                              Trusted Information Systems
26                  postal:     3060 Washington Rd
27                              Glenwood MD 21738
28                              USA
29                  email:      mundy@tis.com
30                  phone:      +1-301-854-6889
31
32                  Co-editor:  Bert Wijnen
33                              IBM T.J. Watson Research
34                  postal:     Schagen 33
35                              3461 GL Linschoten
36                              Netherlands
37                  email:      wijnen@vnet.ibm.com
38                  phone:      +31-348-432-794
39
40                  Co-editor:  Randy Presuhn
41                              BMC Software, Inc
42                  postal:     965 Stewart Drive
43                              Sunnyvale, CA 94086
44                              USA
45                  email:      randy_presuhn@bmc.com
46                  phone:      +1-408-616-3100
47
48                  Co-editor:  Keith McCloghrie
49                              Cisco Systems, Inc.
50                  postal:     170 West Tasman Drive
51                              San Jose, CA  95134-1706
52                              USA
53                  email:      kzm@cisco.com
54                  phone:      +1-408-526-5260
55                 "
56    DESCRIPTION  "The management information definitions for the
57                  View-based Access Control Model for SNMP.
58                 "
59--  Revision history
60    REVISION     "9901200000Z"            -- 20 Jan 1999, midnight
61                                          -- RFC-Editor assigns RFCxxxx
62    DESCRIPTION  "Clarifications, published as RFCxxxx"
63
64    REVISION     "9711200000Z"            -- 20 Nov 1997, midnight
65    DESCRIPTION  "Initial version, published as RFC2275"
66
67    ::= { snmpModules 16 }
68
69-- Administrative assignments ****************************************
70
71vacmMIBObjects      OBJECT IDENTIFIER ::= { snmpVacmMIB 1 }
72vacmMIBConformance  OBJECT IDENTIFIER ::= { snmpVacmMIB 2 }
73
74-- Information about Local Contexts **********************************
75
76vacmContextTable OBJECT-TYPE
77    SYNTAX       SEQUENCE OF VacmContextEntry
78    MAX-ACCESS   not-accessible
79    STATUS       current
80    DESCRIPTION "The table of locally available contexts.
81
82                 This table provides information to SNMP Command
83                 Generator applications so that they can properly
84                 configure the vacmAccessTable to control access to
85                 all contexts at the SNMP entity.
86
87                 This table may change dynamically if the SNMP entity
88                 allows contexts to be added/deleted dynamically
89                 (for instance when its configuration changes). Such
90                 changes would happen only if the management
91                 instrumentation at that SNMP entity recognizes more
92                 (or fewer) contexts.
93
94                 The presence of entries in this table and of entries
95                 in the vacmAccessTable are independent.  That is, a
96                 context identified by an entry in this table is not
97                 necessarily referenced by any entries in the
98                 vacmAccessTable; and the context(s) referenced by an
99                 entry in the vacmAccessTable does not necessarily
100                 currently exist and thus need not be identified by an
101                 entry in this table.
102
103                 This table must be made accessible via the default
104                 context so that Command Responder applications have
105                 a standard way of retrieving the information.
106
107                 This table is read-only. It cannot be configured via
108                 SNMP.
109                "
110    ::= { vacmMIBObjects 1 }
111
112vacmContextEntry OBJECT-TYPE
113    SYNTAX       VacmContextEntry
114    MAX-ACCESS   not-accessible
115    STATUS       current
116    DESCRIPTION "Information about a particular context."
117    INDEX       {
118                  vacmContextName
119                }
120    ::= { vacmContextTable 1 }
121
122VacmContextEntry ::= SEQUENCE
123    {
124        vacmContextName SnmpAdminString
125    }
126
127vacmContextName  OBJECT-TYPE
128    SYNTAX       SnmpAdminString (SIZE(0..32))
129    MAX-ACCESS   read-only
130    STATUS       current
131    DESCRIPTION "A human readable name identifying a particular
132                 context at a particular SNMP entity.
133
134                 The empty contextName (zero length) represents the
135                 default context.
136                "
137    ::= { vacmContextEntry 1 }
138
139-- Information about Groups ******************************************
140
141vacmSecurityToGroupTable OBJECT-TYPE
142    SYNTAX       SEQUENCE OF VacmSecurityToGroupEntry
143    MAX-ACCESS   not-accessible
144    STATUS       current
145    DESCRIPTION "This table maps a combination of securityModel and
146                 securityName into a groupName which is used to define
147                 an access control policy for a group of principals.
148                "
149    ::= { vacmMIBObjects 2 }
150
151vacmSecurityToGroupEntry OBJECT-TYPE
152    SYNTAX       VacmSecurityToGroupEntry
153    MAX-ACCESS   not-accessible
154    STATUS       current
155    DESCRIPTION "An entry in this table maps the combination of a
156                 securityModel and securityName into a groupName.
157                "
158    INDEX       {
159                  vacmSecurityModel,
160                  vacmSecurityName
161                }
162    ::= { vacmSecurityToGroupTable 1 }
163
164VacmSecurityToGroupEntry ::= SEQUENCE
165    {
166        vacmSecurityModel               SnmpSecurityModel,
167        vacmSecurityName                SnmpAdminString,
168        vacmGroupName                   SnmpAdminString,
169        vacmSecurityToGroupStorageType  StorageType,
170        vacmSecurityToGroupStatus       RowStatus
171    }
172
173vacmSecurityModel OBJECT-TYPE
174    SYNTAX       SnmpSecurityModel(1..2147483647)
175    MAX-ACCESS   not-accessible
176    STATUS       current
177    DESCRIPTION "The Security Model, by which the vacmSecurityName
178                 referenced by this entry is provided.
179
180                 Note, this object may not take the 'any' (0) value.
181                "
182    ::= { vacmSecurityToGroupEntry 1 }
183
184vacmSecurityName OBJECT-TYPE
185    SYNTAX       SnmpAdminString (SIZE(1..32))
186    MAX-ACCESS   not-accessible
187    STATUS       current
188    DESCRIPTION "The securityName for the principal, represented in a
189                 Security Model independent format, which is mapped by
190                 this entry to a groupName.
191                "
192    ::= { vacmSecurityToGroupEntry 2 }
193
194vacmGroupName    OBJECT-TYPE
195    SYNTAX       SnmpAdminString (SIZE(1..32))
196    MAX-ACCESS   read-create
197    STATUS       current
198    DESCRIPTION "The name of the group to which this entry (i.e., the
199                 combination of securityModel and securityName)
200                 belongs.
201
202                 This groupName is used as index into the
203                 vacmAccessTable to select an access control policy.
204                 However, a value in this table does not imply that an
205                 instance with the value exists in table vacmAccessTable.
206                "
207    ::= { vacmSecurityToGroupEntry 3 }
208
209vacmSecurityToGroupStorageType OBJECT-TYPE
210    SYNTAX       StorageType
211    MAX-ACCESS   read-create
212    STATUS       current
213    DESCRIPTION "The storage type for this conceptual row.
214                 Conceptual rows having the value 'permanent' need not
215                 allow write-access to any columnar objects in the row.
216                "
217    DEFVAL      { nonVolatile }
218    ::= { vacmSecurityToGroupEntry 4 }
219
220vacmSecurityToGroupStatus OBJECT-TYPE
221    SYNTAX       RowStatus
222    MAX-ACCESS   read-create
223    STATUS       current
224    DESCRIPTION "The status of this conceptual row.
225
226                 Until instances of all corresponding columns are
227                 appropriately configured, the value of the
228                 corresponding instance of the vacmSecurityToGroupStatus
229                 column is 'notReady'.
230
231                 In particular, a newly created row cannot be made
232                 active until a value has been set for vacmGroupName.
233
234                 The  RowStatus TC [RFC1903] requires that this
235                 DESCRIPTION clause states under which circumstances
236                 other objects in this row can be modified:
237
238                 The value of this object has no effect on whether
239                 other objects in this conceptual row can be modified.
240                "
241    ::= { vacmSecurityToGroupEntry 5 }
242
243-- Information about Access Rights ***********************************
244
245vacmAccessTable  OBJECT-TYPE
246    SYNTAX       SEQUENCE OF VacmAccessEntry
247    MAX-ACCESS   not-accessible
248    STATUS       current
249    DESCRIPTION "The table of access rights for groups.
250
251                 Each entry is indexed by a groupName, a contextPrefix,
252                 a securityModel and a securityLevel.  To determine
253                 whether access is allowed, one entry from this table
254                 needs to be selected and the proper viewName from that
255                 entry must be used for access control checking.
256
257                 To select the proper entry, follow these steps:
258
259                 1) the set of possible matches is formed by the
260                    intersection of the following sets of entries:
261                      the set of entries with identical vacmGroupName
262                      the union of these two sets:
263                       - the set with identical vacmAccessContextPrefix
264                       - the set of entries with vacmAccessContextMatch
265                         value of 'prefix' and matching
266                         vacmAccessContextPrefix
267                      intersected with the union of these two sets:
268                       - the set of entries with identical
269                         vacmSecurityModel
270                       - the set of entries with vacmSecurityModel
271                         value of 'any'
272                      intersected with the set of entries with
273                      vacmAccessSecurityLevel value less than or equal
274                      to the requested securityLevel
275
276                 2) if this set has only one member, we're done
277                    otherwise, it comes down to deciding how to weight
278                    the preferences between ContextPrefixes,
279                    SecurityModels, and SecurityLevels as follows:
280                    a) if the subset of entries with securityModel
281                       matching the securityModel in the message is
282                       not empty, then discard the rest.
283                    b) if the subset of entries with
284                       vacmAccessContextPrefix matching the contextName
285                       in the message is not empty,
286                       then discard the rest
287                    c) discard all entries with ContextPrefixes shorter
288                       than the longest one remaining in the set
289                    d) select the entry with the highest securityLevel
290
291                 Please note that for securityLevel noAuthNoPriv, all
292                 groups are effectively equivalent, because the
293                 securityName has not been authenticated.
294                "
295    ::= { vacmMIBObjects 4 }
296
297vacmAccessEntry  OBJECT-TYPE
298    SYNTAX       VacmAccessEntry
299    MAX-ACCESS   not-accessible
300    STATUS       current
301    DESCRIPTION "An access right configured in the Local Configuration
302                 Datastore (LCD) authorizing access to an SNMP context.
303
304                 Entries in this table can use an instance value for
305                 object vacmGroupName even if no entry in table
306                 vacmSecurityToGroupTable has a corresponding
307                 value for object vacmGroupName.
308                "
309    INDEX       { vacmGroupName,
310                  vacmAccessContextPrefix,
311                  vacmAccessSecurityModel,
312                  vacmAccessSecurityLevel
313                }
314    ::= { vacmAccessTable 1 }
315
316VacmAccessEntry ::= SEQUENCE
317    {
318        vacmAccessContextPrefix    SnmpAdminString,
319        vacmAccessSecurityModel    SnmpSecurityModel,
320        vacmAccessSecurityLevel    SnmpSecurityLevel,
321        vacmAccessContextMatch     INTEGER,
322        vacmAccessReadViewName     SnmpAdminString,
323        vacmAccessWriteViewName    SnmpAdminString,
324        vacmAccessNotifyViewName   SnmpAdminString,
325        vacmAccessStorageType      StorageType,
326        vacmAccessStatus           RowStatus
327    }
328
329vacmAccessContextPrefix OBJECT-TYPE
330    SYNTAX       SnmpAdminString (SIZE(0..32))
331    MAX-ACCESS   not-accessible
332    STATUS       current
333    DESCRIPTION "In order to gain the access rights allowed by this
334                 conceptual row, a contextName must match exactly
335                 (if the value of vacmAccessContextMatch is 'exact')
336                 or partially (if the value of vacmAccessContextMatch
337                 is 'prefix') to the value of the instance of this
338                 object.
339                "
340    ::= { vacmAccessEntry 1 }
341
342vacmAccessSecurityModel OBJECT-TYPE
343    SYNTAX       SnmpSecurityModel
344    MAX-ACCESS   not-accessible
345    STATUS       current
346    DESCRIPTION "In order to gain the access rights allowed by this
347                 conceptual row, this securityModel must be in use.
348                "
349    ::= { vacmAccessEntry 2 }
350
351vacmAccessSecurityLevel OBJECT-TYPE
352    SYNTAX       SnmpSecurityLevel
353    MAX-ACCESS   not-accessible
354    STATUS       current
355    DESCRIPTION "The minimum level of security required in order to
356                 gain the access rights allowed by this conceptual
357                 row.  A securityLevel of noAuthNoPriv is less than
358                 authNoPriv which in turn is less than authPriv.
359
360                 If multiple entries are equally indexed except for
361                 this vacmAccessSecurityLevel index, then the entry
362                 which has the highest value for
363                 vacmAccessSecurityLevel is selected.
364                "
365    ::= { vacmAccessEntry 3 }
366
367vacmAccessContextMatch OBJECT-TYPE
368    SYNTAX       INTEGER
369                { exact (1), -- exact match of prefix and contextName
370                  prefix (2) -- Only match to the prefix
371                }
372    MAX-ACCESS   read-create
373    STATUS       current
374    DESCRIPTION "If the value of this object is exact(1), then all
375                 rows where the contextName exactly matches
376                 vacmAccessContextPrefix are selected.
377
378                 If the value of this object is prefix(2), then all
379                 rows where the starting octets of the contextName
380                 exactly match vacmAccessContextPrefix are selected.
381                 This allows for a simple form of wildcarding.
382                "
383    DEFVAL      { exact }
384    ::= { vacmAccessEntry 4 }
385
386vacmAccessReadViewName OBJECT-TYPE
387    SYNTAX       SnmpAdminString (SIZE(0..32))
388    MAX-ACCESS   read-create
389    STATUS       current
390    DESCRIPTION "The value of an instance of this object identifies
391                 the MIB view of the SNMP context to which this
392                 conceptual row authorizes read access.
393
394                 The identified MIB view is that one for which the
395                 vacmViewTreeFamilyViewName has the same value as the
396                 instance of this object; if the value is the empty
397                 string or if there is no active MIB view having this
398                 value of vacmViewTreeFamilyViewName, then no access
399                 is granted.
400                "
401    DEFVAL      { ''H }   -- the empty string
402    ::= { vacmAccessEntry 5 }
403
404vacmAccessWriteViewName OBJECT-TYPE
405    SYNTAX       SnmpAdminString (SIZE(0..32))
406    MAX-ACCESS   read-create
407    STATUS       current
408    DESCRIPTION "The value of an instance of this object identifies
409                 the MIB view of the SNMP context to which this
410                 conceptual row authorizes write access.
411
412                 The identified MIB view is that one for which the
413                 vacmViewTreeFamilyViewName has the same value as the
414                 instance of this object; if the value is the empty
415                 string or if there is no active MIB view having this
416                 value of vacmViewTreeFamilyViewName, then no access
417                 is granted.
418                "
419    DEFVAL      { ''H }   -- the empty string
420    ::= { vacmAccessEntry 6 }
421
422vacmAccessNotifyViewName OBJECT-TYPE
423    SYNTAX       SnmpAdminString (SIZE(0..32))
424    MAX-ACCESS   read-create
425    STATUS       current
426    DESCRIPTION "The value of an instance of this object identifies
427                 the MIB view of the SNMP context to which this
428                 conceptual row authorizes access for notifications.
429
430                 The identified MIB view is that one for which the
431                 vacmViewTreeFamilyViewName has the same value as the
432                 instance of this object; if the value is the empty
433                 string or if there is no active MIB view having this
434                 value of vacmViewTreeFamilyViewName, then no access
435                 is granted.
436                "
437    DEFVAL      { ''H }   -- the empty string
438    ::= { vacmAccessEntry 7 }
439
440vacmAccessStorageType OBJECT-TYPE
441    SYNTAX       StorageType
442    MAX-ACCESS   read-create
443    STATUS       current
444    DESCRIPTION "The storage type for this conceptual row.
445
446                 Conceptual rows having the value 'permanent' need not
447                 allow write-access to any columnar objects in the row.
448                "
449    DEFVAL      { nonVolatile }
450    ::= { vacmAccessEntry 8 }
451
452vacmAccessStatus OBJECT-TYPE
453    SYNTAX       RowStatus
454    MAX-ACCESS   read-create
455    STATUS       current
456    DESCRIPTION "The status of this conceptual row.
457
458                 The  RowStatus TC [RFC1903] requires that this
459                 DESCRIPTION clause states under which circumstances
460                 other objects in this row can be modified:
461
462                 The value of this object has no effect on whether
463                 other objects in this conceptual row can be modified.
464                "
465    ::= { vacmAccessEntry 9 }
466
467-- Information about MIB views ***************************************
468
469-- Support for instance-level granularity is optional.
470--
471-- In some implementations, instance-level access control
472-- granularity may come at a high performance cost.  Managers
473-- should avoid requesting such configurations unnecessarily.
474
475vacmMIBViews     OBJECT IDENTIFIER ::= { vacmMIBObjects 5 }
476
477vacmViewSpinLock OBJECT-TYPE
478    SYNTAX       TestAndIncr
479    MAX-ACCESS   read-write
480    STATUS       current
481    DESCRIPTION "An advisory lock used to allow cooperating SNMP
482                 Command Generator applications to coordinate their
483                 use of the Set operation in creating or modifying
484                 views.
485
486                 When creating a new view or altering an existing
487                 view, it is important to understand the potential
488                 interactions with other uses of the view.  The
489                 vacmViewSpinLock should be retrieved.  The name of
490                 the view to be created should be determined to be
491                 unique by the SNMP Command Generator application by
492                 consulting the vacmViewTreeFamilyTable.  Finally,
493                 the named view may be created (Set), including the
494                 advisory lock.
495                 If another SNMP Command Generator application has
496                 altered the views in the meantime, then the spin
497                 lock's value will have changed, and so this creation
498                 will fail because it will specify the wrong value for
499                 the spin lock.
500
501                 Since this is an advisory lock, the use of this lock
502                 is not enforced.
503                "
504    ::= { vacmMIBViews 1 }
505
506vacmViewTreeFamilyTable OBJECT-TYPE
507    SYNTAX       SEQUENCE OF VacmViewTreeFamilyEntry
508    MAX-ACCESS   not-accessible
509    STATUS       current
510    DESCRIPTION "Locally held information about families of subtrees
511                 within MIB views.
512
513                 Each MIB view is defined by two sets of view subtrees:
514                   - the included view subtrees, and
515                   - the excluded view subtrees.
516                 Every such view subtree, both the included and the
517                 excluded ones, is defined in this table.
518
519                 To determine if a particular object instance is in
520                 a particular MIB view, compare the object instance's
521                 OBJECT IDENTIFIER with each of the MIB view's active
522                 entries in this table.  If none match, then the
523                 object instance is not in the MIB view.  If one or
524                 more match, then the object instance is included in,
525                 or excluded from, the MIB view according to the
526                 value of vacmViewTreeFamilyType in the entry whose
527                 value of vacmViewTreeFamilySubtree has the most
528                 sub-identifiers.  If multiple entries match and have
529                 the same number of sub-identifiers (when wildcarding
530                 is specified with the value of vacmViewTreeFamilyMask),
531                 then the lexicographically greatest instance of
532                 vacmViewTreeFamilyType determines the inclusion or
533                 exclusion.
534
535                 An object instance's OBJECT IDENTIFIER X matches an
536                 active entry in this table when the number of
537                 sub-identifiers in X is at least as many as in the
538                 value of vacmViewTreeFamilySubtree for the entry,
539                 and each sub-identifier in the value of
540                 vacmViewTreeFamilySubtree matches its corresponding
541                 sub-identifier in X.  Two sub-identifiers match
542                 either if the corresponding bit of the value of
543                 vacmViewTreeFamilyMask for the entry is zero (the
544                 'wild card' value), or if they are equal.
545
546                 A 'family' of subtrees is the set of subtrees defined
547                 by a particular combination of values of
548                 vacmViewTreeFamilySubtree and vacmViewTreeFamilyMask.
549                 In the case where no 'wild card' is defined in the
550                 vacmViewTreeFamilyMask, the family of subtrees reduces
551                 to a single subtree.
552
553                 When creating or changing MIB views, an SNMP Command
554                 Generator application should utilize the
555                 vacmViewSpinLock to try to avoid collisions. See
556                 DESCRIPTION clause of vacmViewSpinLock.
557
558                 When creating MIB views, it is strongly advised that
559                 first the 'excluded' vacmViewTreeFamilyEntries are
560                 created and then the 'included' entries.
561
562                 When deleting MIB views, it is strongly advised that
563                 first the 'included' vacmViewTreeFamilyEntries are
564                 deleted and then the 'excluded' entries.
565
566                 If a create for an entry for instance-level access
567                 control is received and the implementation does not
568                 support instance-level granularity, then an
569                 inconsistentName error must be returned.
570                "
571    ::= { vacmMIBViews 2 }
572
573vacmViewTreeFamilyEntry OBJECT-TYPE
574    SYNTAX       VacmViewTreeFamilyEntry
575    MAX-ACCESS   not-accessible
576    STATUS       current
577    DESCRIPTION "Information on a particular family of view subtrees
578                 included in or excluded from a particular SNMP
579                 context's MIB view.
580
581                 Implementations must not restrict the number of
582                 families of view subtrees for a given MIB view,
583                 except as dictated by resource constraints on the
584                 overall number of entries in the
585                 vacmViewTreeFamilyTable.
586
587                 If no conceptual rows exist in this table for a given
588                 MIB view (viewName), that view may be thought of as
589                 consisting of the empty set of view subtrees.
590                "
591    INDEX       { vacmViewTreeFamilyViewName,
592                  vacmViewTreeFamilySubtree
593                }
594    ::= { vacmViewTreeFamilyTable 1 }
595
596VacmViewTreeFamilyEntry ::= SEQUENCE
597    {
598        vacmViewTreeFamilyViewName     SnmpAdminString,
599        vacmViewTreeFamilySubtree      OBJECT IDENTIFIER,
600        vacmViewTreeFamilyMask         OCTET STRING,
601        vacmViewTreeFamilyType         INTEGER,
602        vacmViewTreeFamilyStorageType  StorageType,
603        vacmViewTreeFamilyStatus       RowStatus
604    }
605
606vacmViewTreeFamilyViewName OBJECT-TYPE
607    SYNTAX       SnmpAdminString (SIZE(1..32))
608    MAX-ACCESS   not-accessible
609    STATUS       current
610    DESCRIPTION "The human readable name for a family of view subtrees.
611                "
612    ::= { vacmViewTreeFamilyEntry 1 }
613
614vacmViewTreeFamilySubtree OBJECT-TYPE
615    SYNTAX       OBJECT IDENTIFIER
616    MAX-ACCESS   not-accessible
617    STATUS       current
618    DESCRIPTION "The MIB subtree which when combined with the
619                 corresponding instance of vacmViewTreeFamilyMask
620                 defines a family of view subtrees.
621                "
622    ::= { vacmViewTreeFamilyEntry 2 }
623
624vacmViewTreeFamilyMask OBJECT-TYPE
625    SYNTAX       OCTET STRING (SIZE (0..16))
626    MAX-ACCESS   read-create
627    STATUS       current
628    DESCRIPTION "The bit mask which, in combination with the
629                 corresponding instance of vacmViewTreeFamilySubtree,
630                 defines a family of view subtrees.
631
632                 Each bit of this bit mask corresponds to a
633                 sub-identifier of vacmViewTreeFamilySubtree, with the
634                 most significant bit of the i-th octet of this octet
635                 string value (extended if necessary, see below)
636                 corresponding to the (8*i - 7)-th sub-identifier, and
637                 the least significant bit of the i-th octet of this
638                 octet string corresponding to the (8*i)-th
639                 sub-identifier, where i is in the range 1 through 16.
640
641                 Each bit of this bit mask specifies whether or not
642                 the corresponding sub-identifiers must match when
643                 determining if an OBJECT IDENTIFIER is in this
644                 family of view subtrees; a '1' indicates that an
645                 exact match must occur; a '0' indicates 'wild card',
646                 i.e., any sub-identifier value matches.
647
648                 Thus, the OBJECT IDENTIFIER X of an object instance
649                 is contained in a family of view subtrees if, for
650                 each sub-identifier of the value of
651                 vacmViewTreeFamilySubtree, either:
652
653                   the i-th bit of vacmViewTreeFamilyMask is 0, or
654
655                   the i-th sub-identifier of X is equal to the i-th
656                   sub-identifier of the value of
657                   vacmViewTreeFamilySubtree.
658
659                 If the value of this bit mask is M bits long and
660                 there are more than M sub-identifiers in the
661                 corresponding instance of vacmViewTreeFamilySubtree,
662                 then the bit mask is extended with 1's to be the
663                 required length.
664
665                 Note that when the value of this object is the
666                 zero-length string, this extension rule results in
667                 a mask of all-1's being used (i.e., no 'wild card'),
668                 and the family of view subtrees is the one view
669                 subtree uniquely identified by the corresponding
670                 instance of vacmViewTreeFamilySubtree.
671
672                 Note that masks of length greater than zero length
673                 do not need to be supported. In this case this
674                 object is made read-only.
675                "
676    DEFVAL      { ''H }
677    ::= { vacmViewTreeFamilyEntry 3 }
678
679vacmViewTreeFamilyType OBJECT-TYPE
680    SYNTAX       INTEGER  { included(1), excluded(2) }
681    MAX-ACCESS   read-create
682    STATUS       current
683    DESCRIPTION "Indicates whether the corresponding instances of
684                 vacmViewTreeFamilySubtree and vacmViewTreeFamilyMask
685                 define a family of view subtrees which is included in
686                 or excluded from the MIB view.
687                "
688    DEFVAL      { included }
689    ::= { vacmViewTreeFamilyEntry 4 }
690
691vacmViewTreeFamilyStorageType OBJECT-TYPE
692    SYNTAX       StorageType
693    MAX-ACCESS   read-create
694    STATUS       current
695    DESCRIPTION "The storage type for this conceptual row.
696
697                 Conceptual rows having the value 'permanent' need not
698                 allow write-access to any columnar objects in the row.
699                "
700    DEFVAL      { nonVolatile }
701    ::= { vacmViewTreeFamilyEntry 5 }
702
703vacmViewTreeFamilyStatus OBJECT-TYPE
704    SYNTAX       RowStatus
705    MAX-ACCESS   read-create
706    STATUS       current
707    DESCRIPTION "The status of this conceptual row.
708
709                 The  RowStatus TC [RFC1903] requires that this
710                 DESCRIPTION clause states under which circumstances
711                 other objects in this row can be modified:
712
713                 The value of this object has no effect on whether
714                 other objects in this conceptual row can be modified.
715                "
716    ::= { vacmViewTreeFamilyEntry 6 }
717
718-- Conformance information *******************************************
719
720vacmMIBCompliances  OBJECT IDENTIFIER ::= { vacmMIBConformance 1 }
721vacmMIBGroups       OBJECT IDENTIFIER ::= { vacmMIBConformance 2 }
722
723-- Compliance statements *********************************************
724
725vacmMIBCompliance MODULE-COMPLIANCE
726    STATUS       current
727    DESCRIPTION "The compliance statement for SNMP engines which
728                 implement the SNMP View-based Access Control Model
729                 configuration MIB.
730                "
731    MODULE -- this module
732        MANDATORY-GROUPS { vacmBasicGroup }
733
734        OBJECT        vacmAccessContextMatch
735        MIN-ACCESS    read-only
736        DESCRIPTION  "Write access is not required."
737
738        OBJECT        vacmAccessReadViewName
739        MIN-ACCESS    read-only
740        DESCRIPTION  "Write access is not required."
741
742        OBJECT        vacmAccessWriteViewName
743        MIN-ACCESS    read-only
744        DESCRIPTION  "Write access is not required."
745
746        OBJECT        vacmAccessNotifyViewName
747        MIN-ACCESS    read-only
748        DESCRIPTION  "Write access is not required."
749
750        OBJECT        vacmAccessStorageType
751        MIN-ACCESS    read-only
752        DESCRIPTION  "Write access is not required."
753
754        OBJECT        vacmAccessStatus
755        MIN-ACCESS    read-only
756        DESCRIPTION  "Create/delete/modify access to the
757                      vacmAccessTable is not required.
758                     "
759
760        OBJECT        vacmViewTreeFamilyMask
761        WRITE-SYNTAX  OCTET STRING (SIZE (0))
762        MIN-ACCESS    read-only
763        DESCRIPTION  "Support for configuration via SNMP of subtree
764                      families using wild-cards is not required.
765                     "
766
767        OBJECT        vacmViewTreeFamilyType
768        MIN-ACCESS    read-only
769        DESCRIPTION  "Write access is not required."
770
771        OBJECT        vacmViewTreeFamilyStorageType
772        MIN-ACCESS    read-only
773        DESCRIPTION  "Write access is not required."
774
775        OBJECT        vacmViewTreeFamilyStatus
776        MIN-ACCESS    read-only
777        DESCRIPTION  "Create/delete/modify access to the
778                      vacmViewTreeFamilyTable is not required.
779                     "
780    ::= { vacmMIBCompliances 1 }
781
782-- Units of conformance **********************************************
783
784vacmBasicGroup OBJECT-GROUP
785    OBJECTS {
786              vacmContextName,
787              vacmGroupName,
788              vacmSecurityToGroupStorageType,
789              vacmSecurityToGroupStatus,
790              vacmAccessContextMatch,
791              vacmAccessReadViewName,
792              vacmAccessWriteViewName,
793              vacmAccessNotifyViewName,
794              vacmAccessStorageType,
795              vacmAccessStatus,
796              vacmViewSpinLock,
797              vacmViewTreeFamilyMask,
798              vacmViewTreeFamilyType,
799              vacmViewTreeFamilyStorageType,
800              vacmViewTreeFamilyStatus
801            }
802    STATUS       current
803    DESCRIPTION "A collection of objects providing for remote
804                 configuration of an SNMP engine which implements
805                 the SNMP View-based Access Control Model.
806                "
807    ::= { vacmMIBGroups 1 }
808
809END
810
811
812
813
814Erlang/OTP                           SNMP           SNMP-VIEW-BASED-ACM-MIB(7)