1SNMP-VIEW-BASED-ACM-MIB(7) MIB SNMP-VIEW-BASED-ACM-MIB(7)
2SNMP-VIEW-BASED-ACM-MIB DEFINITIONS ::= BEGIN
6IMPORTS
8 MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF
9 MODULE-IDENTITY, OBJECT-TYPE,
10 snmpModules FROM SNMPv2-SMI
11 TestAndIncr,
12 RowStatus, StorageType FROM SNMPv2-TC
13 SnmpAdminString,
14 SnmpSecurityLevel,
15 SnmpSecurityModel FROM SNMP-FRAMEWORK-MIB;
16snmpVacmMIB MODULE-IDENTITY
18 LAST-UPDATED "9901200000Z" -- 20 Jan 1999, midnight
19 ORGANIZATION "SNMPv3 Working Group"
20 CONTACT-INFO "WG-email: snmpv3@tis.com
21 Subscribe: majordomo@tis.com
22 In message body: subscribe snmpv3
23 Chair: Russ Mundy
25 Trusted Information Systems
26 postal: 3060 Washington Rd
27 Glenwood MD 21738
28 USA
29 email: mundy@tis.com
30 phone: +1-301-854-6889
31 Co-editor: Bert Wijnen
33 IBM T.J. Watson Research
34 postal: Schagen 33
35 3461 GL Linschoten
36 Netherlands
37 email: wijnen@vnet.ibm.com
38 phone: +31-348-432-794
39 Co-editor: Randy Presuhn
41 BMC Software, Inc
42 postal: 965 Stewart Drive
43 Sunnyvale, CA 94086
44 USA
45 email: randy_presuhn@bmc.com
46 phone: +1-408-616-3100
47 Co-editor: Keith McCloghrie
49 Cisco Systems, Inc.
50 postal: 170 West Tasman Drive
51 San Jose, CA 95134-1706
52 USA
53 email: kzm@cisco.com
54 phone: +1-408-526-5260
55 "
56 DESCRIPTION "The management information definitions for the
57 View-based Access Control Model for SNMP.
58 "
59-- Revision history
60 REVISION "9901200000Z" -- 20 Jan 1999, midnight
61 -- RFC-Editor assigns RFCxxxx
62 DESCRIPTION "Clarifications, published as RFCxxxx"
63 REVISION "9711200000Z" -- 20 Nov 1997, midnight
65 DESCRIPTION "Initial version, published as RFC2275"
66 ::= { snmpModules 16 }
68-- Administrative assignments ****************************************
70vacmMIBObjects OBJECT IDENTIFIER ::= { snmpVacmMIB 1 }
72vacmMIBConformance OBJECT IDENTIFIER ::= { snmpVacmMIB 2 }
73-- Information about Local Contexts **********************************
75vacmContextTable OBJECT-TYPE
77 SYNTAX SEQUENCE OF VacmContextEntry
78 MAX-ACCESS not-accessible
79 STATUS current
80 DESCRIPTION "The table of locally available contexts.
81 This table provides information to SNMP Command
83 Generator applications so that they can properly
84 configure the vacmAccessTable to control access to
85 all contexts at the SNMP entity.
86 This table may change dynamically if the SNMP entity
88 allows that contexts are added/deleted dynamically
89 (for instance when its configuration changes). Such
90 changes would happen only if the management
91 instrumentation at that SNMP entity recognizes more
92 (or fewer) contexts.
93 The presence of entries in this table and of entries
95 in the vacmAccessTable are independent. That is, a
96 context identified by an entry in this table is not
97 necessarily referenced by any entries in the
98 vacmAccessTable; and the context(s) referenced by an
99 entry in the vacmAccessTable does not necessarily
100 currently exist and thus need not be identified by an
101 entry in this table.
102 This table must be made accessible via the default
104 context so that Command Responder applications have
105 a standard way of retrieving the information.
106 This table is read-only. It cannot be configured via
108 SNMP.
109 "
110 ::= { vacmMIBObjects 1 }
111vacmContextEntry OBJECT-TYPE
113 SYNTAX VacmContextEntry
114 MAX-ACCESS not-accessible
115 STATUS current
116 DESCRIPTION "Information about a particular context."
117 INDEX {
118 vacmContextName
119 }
120 ::= { vacmContextTable 1 }
121VacmContextEntry ::= SEQUENCE
123 {
124 vacmContextName SnmpAdminString
125 }
126vacmContextName OBJECT-TYPE
128 SYNTAX SnmpAdminString (SIZE(0..32))
129 MAX-ACCESS read-only
130 STATUS current
131 DESCRIPTION "A human readable name identifying a particular
132 context at a particular SNMP entity.
133 The empty contextName (zero length) represents the
135 default context.
136 "
137 ::= { vacmContextEntry 1 }
138-- Information about Groups ******************************************
140vacmSecurityToGroupTable OBJECT-TYPE
142 SYNTAX SEQUENCE OF VacmSecurityToGroupEntry
143 MAX-ACCESS not-accessible
144 STATUS current
145 DESCRIPTION "This table maps a combination of securityModel and
146 securityName into a groupName which is used to define
147 an access control policy for a group of principals.
148 "
149 ::= { vacmMIBObjects 2 }
150vacmSecurityToGroupEntry OBJECT-TYPE
152 SYNTAX VacmSecurityToGroupEntry
153 MAX-ACCESS not-accessible
154 STATUS current
155 DESCRIPTION "An entry in this table maps the combination of a
156 securityModel and securityName into a groupName.
157 "
158 INDEX {
159 vacmSecurityModel,
160 vacmSecurityName
161 }
162 ::= { vacmSecurityToGroupTable 1 }
163VacmSecurityToGroupEntry ::= SEQUENCE
165 {
166 vacmSecurityModel SnmpSecurityModel,
167 vacmSecurityName SnmpAdminString,
168 vacmGroupName SnmpAdminString,
169 vacmSecurityToGroupStorageType StorageType,
170 vacmSecurityToGroupStatus RowStatus
171 }
172vacmSecurityModel OBJECT-TYPE
174 SYNTAX SnmpSecurityModel(1..2147483647)
175 MAX-ACCESS not-accessible
176 STATUS current
177 DESCRIPTION "The Security Model, by which the vacmSecurityName
178 referenced by this entry is provided.
179 Note, this object may not take the 'any' (0) value.
181 "
182 ::= { vacmSecurityToGroupEntry 1 }
183vacmSecurityName OBJECT-TYPE
185 SYNTAX SnmpAdminString (SIZE(1..32))
186 MAX-ACCESS not-accessible
187 STATUS current
188 DESCRIPTION "The securityName for the principal, represented in a
189 Security Model independent format, which is mapped by
190 this entry to a groupName.
191 "
192 ::= { vacmSecurityToGroupEntry 2 }
193vacmGroupName OBJECT-TYPE
195 SYNTAX SnmpAdminString (SIZE(1..32))
196 MAX-ACCESS read-create
197 STATUS current
198 DESCRIPTION "The name of the group to which this entry (e.g., the
199 combination of securityModel and securityName)
200 belongs.
201 This groupName is used as index into the
203 vacmAccessTable to select an access control policy.
204 However, a value in this table does not imply that an
205 instance with the value exists in table vacmAccesTable.
206 "
207 ::= { vacmSecurityToGroupEntry 3 }
208vacmSecurityToGroupStorageType OBJECT-TYPE
210 SYNTAX StorageType
211 MAX-ACCESS read-create
212 STATUS current
213 DESCRIPTION "The storage type for this conceptual row.
214 Conceptual rows having the value 'permanent' need not
215 allow write-access to any columnar objects in the row.
216 "
217 DEFVAL { nonVolatile }
218 ::= { vacmSecurityToGroupEntry 4 }
219vacmSecurityToGroupStatus OBJECT-TYPE
221 SYNTAX RowStatus
222 MAX-ACCESS read-create
223 STATUS current
224 DESCRIPTION "The status of this conceptual row.
225 Until instances of all corresponding columns are
227 appropriately configured, the value of the
228 corresponding instance of the vacmSecurityToGroupStatus
229 column is 'notReady'.
230 In particular, a newly created row cannot be made
232 active until a value has been set for vacmGroupName.
233 The RowStatus TC [RFC1903] requires that this
235 DESCRIPTION clause states under which circumstances
236 other objects in this row can be modified:
237 The value of this object has no effect on whether
239 other objects in this conceptual row can be modified.
240 "
241 ::= { vacmSecurityToGroupEntry 5 }
242-- Information about Access Rights ***********************************
244vacmAccessTable OBJECT-TYPE
246 SYNTAX SEQUENCE OF VacmAccessEntry
247 MAX-ACCESS not-accessible
248 STATUS current
249 DESCRIPTION "The table of access rights for groups.
250 Each entry is indexed by a groupName, a contextPrefix,
252 a securityModel and a securityLevel. To determine
253 whether access is allowed, one entry from this table
254 needs to be selected and the proper viewName from that
255 entry must be used for access control checking.
256 To select the proper entry, follow these steps:
258 1) the set of possible matches is formed by the
260 intersection of the following sets of entries:
261 the set of entries with identical vacmGroupName
262 the union of these two sets:
263 - the set with identical vacmAccessContextPrefix
264 - the set of entries with vacmAccessContextMatch
265 value of 'prefix' and matching
266 vacmAccessContextPrefix
267 intersected with the union of these two sets:
268 - the set of entries with identical
269 vacmSecurityModel
270 - the set of entries with vacmSecurityModel
271 value of 'any'
272 intersected with the set of entries with
273 vacmAccessSecurityLevel value less than or equal
274 to the requested securityLevel
275 2) if this set has only one member, we're done
277 otherwise, it comes down to deciding how to weight
278 the preferences between ContextPrefixes,
279 SecurityModels, and SecurityLevels as follows:
280 a) if the subset of entries with securityModel
281 matching the securityModel in the message is
282 not empty, then discard the rest.
283 b) if the subset of entries with
284 vacmAccessContextPrefix matching the contextName
285 in the message is not empty,
286 then discard the rest
287 c) discard all entries with ContextPrefixes shorter
288 than the longest one remaining in the set
289 d) select the entry with the highest securityLevel
290 Please note that for securityLevel noAuthNoPriv, all
292 groups are really equivalent since the assumption that
293 the securityName has been authenticated does not hold.
294 "
295 ::= { vacmMIBObjects 4 }
296vacmAccessEntry OBJECT-TYPE
298 SYNTAX VacmAccessEntry
299 MAX-ACCESS not-accessible
300 STATUS current
301 DESCRIPTION "An access right configured in the Local Configuration
302 Datastore (LCD) authorizing access to an SNMP context.
303 Entries in this table can use an instance value for
305 object vacmGroupName even if no entry in table
306 vacmAccessSecurityToGroupTable has a corresponding
307 value for object vacmGroupName.
308 "
309 INDEX { vacmGroupName,
310 vacmAccessContextPrefix,
311 vacmAccessSecurityModel,
312 vacmAccessSecurityLevel
313 }
314 ::= { vacmAccessTable 1 }
315VacmAccessEntry ::= SEQUENCE
317 {
318 vacmAccessContextPrefix SnmpAdminString,
319 vacmAccessSecurityModel SnmpSecurityModel,
320 vacmAccessSecurityLevel SnmpSecurityLevel,
321 vacmAccessContextMatch INTEGER,
322 vacmAccessReadViewName SnmpAdminString,
323 vacmAccessWriteViewName SnmpAdminString,
324 vacmAccessNotifyViewName SnmpAdminString,
325 vacmAccessStorageType StorageType,
326 vacmAccessStatus RowStatus
327 }
328vacmAccessContextPrefix OBJECT-TYPE
330 SYNTAX SnmpAdminString (SIZE(0..32))
331 MAX-ACCESS not-accessible
332 STATUS current
333 DESCRIPTION "In order to gain the access rights allowed by this
334 conceptual row, a contextName must match exactly
335 (if the value of vacmAccessContextMatch is 'exact')
336 or partially (if the value of vacmAccessContextMatch
337 is 'prefix') to the value of the instance of this
338 object.
339 "
340 ::= { vacmAccessEntry 1 }
341vacmAccessSecurityModel OBJECT-TYPE
343 SYNTAX SnmpSecurityModel
344 MAX-ACCESS not-accessible
345 STATUS current
346 DESCRIPTION "In order to gain the access rights allowed by this
347 conceptual row, this securityModel must be in use.
348 "
349 ::= { vacmAccessEntry 2 }
350vacmAccessSecurityLevel OBJECT-TYPE
352 SYNTAX SnmpSecurityLevel
353 MAX-ACCESS not-accessible
354 STATUS current
355 DESCRIPTION "The minimum level of security required in order to
356 gain the access rights allowed by this conceptual
357 row. A securityLevel of noAuthNoPriv is less than
358 authNoPriv which in turn is less than authPriv.
359 If multiple entries are equally indexed except for
361 this vacmAccessSecurityLevel index, then the entry
362 which has the highest value for
363 vacmAccessSecurityLevel is selected.
364 "
365 ::= { vacmAccessEntry 3 }
366vacmAccessContextMatch OBJECT-TYPE
368 SYNTAX INTEGER
369 { exact (1), -- exact match of prefix and contextName
370 prefix (2) -- Only match to the prefix
371 }
372 MAX-ACCESS read-create
373 STATUS current
374 DESCRIPTION "If the value of this object is exact(1), then all
375 rows where the contextName exactly matches
376 vacmAccessContextPrefix are selected.
377 If the value of this object is prefix(2), then all
379 rows where the contextName whose starting octets
380 exactly match vacmAccessContextPrefix are selected.
381 This allows for a simple form of wildcarding.
382 "
383 DEFVAL { exact }
384 ::= { vacmAccessEntry 4 }
385vacmAccessReadViewName OBJECT-TYPE
387 SYNTAX SnmpAdminString (SIZE(0..32))
388 MAX-ACCESS read-create
389 STATUS current
390 DESCRIPTION "The value of an instance of this object identifies
391 the MIB view of the SNMP context to which this
392 conceptual row authorizes read access.
393 The identified MIB view is that one for which the
395 vacmViewTreeFamilyViewName has the same value as the
396 instance of this object; if the value is the empty
397 string or if there is no active MIB view having this
398 value of vacmViewTreeFamilyViewName, then no access
399 is granted.
400 "
401 DEFVAL { ''H } -- the empty string
402 ::= { vacmAccessEntry 5 }
403vacmAccessWriteViewName OBJECT-TYPE
405 SYNTAX SnmpAdminString (SIZE(0..32))
406 MAX-ACCESS read-create
407 STATUS current
408 DESCRIPTION "The value of an instance of this object identifies
409 the MIB view of the SNMP context to which this
410 conceptual row authorizes write access.
411 The identified MIB view is that one for which the
413 vacmViewTreeFamilyViewName has the same value as the
414 instance of this object; if the value is the empty
415 string or if there is no active MIB view having this
416 value of vacmViewTreeFamilyViewName, then no access
417 is granted.
418 "
419 DEFVAL { ''H } -- the empty string
420 ::= { vacmAccessEntry 6 }
421vacmAccessNotifyViewName OBJECT-TYPE
423 SYNTAX SnmpAdminString (SIZE(0..32))
424 MAX-ACCESS read-create
425 STATUS current
426 DESCRIPTION "The value of an instance of this object identifies
427 the MIB view of the SNMP context to which this
428 conceptual row authorizes access for notifications.
429 The identified MIB view is that one for which the
431 vacmViewTreeFamilyViewName has the same value as the
432 instance of this object; if the value is the empty
433 string or if there is no active MIB view having this
434 value of vacmViewTreeFamilyViewName, then no access
435 is granted.
436 "
437 DEFVAL { ''H } -- the empty string
438 ::= { vacmAccessEntry 7 }
439vacmAccessStorageType OBJECT-TYPE
441 SYNTAX StorageType
442 MAX-ACCESS read-create
443 STATUS current
444 DESCRIPTION "The storage type for this conceptual row.
445 Conceptual rows having the value 'permanent' need not
447 allow write-access to any columnar objects in the row.
448 "
449 DEFVAL { nonVolatile }
450 ::= { vacmAccessEntry 8 }
451vacmAccessStatus OBJECT-TYPE
453 SYNTAX RowStatus
454 MAX-ACCESS read-create
455 STATUS current
456 DESCRIPTION "The status of this conceptual row.
457 The RowStatus TC [RFC1903] requires that this
459 DESCRIPTION clause states under which circumstances
460 other objects in this row can be modified:
461 The value of this object has no effect on whether
463 other objects in this conceptual row can be modified.
464 "
465 ::= { vacmAccessEntry 9 }
466-- Information about MIB views ***************************************
468-- Support for instance-level granularity is optional.
470--
471-- In some implementations, instance-level access control
472-- granularity may come at a high performance cost. Managers
473-- should avoid requesting such configurations unnecessarily.
474vacmMIBViews OBJECT IDENTIFIER ::= { vacmMIBObjects 5 }
476vacmViewSpinLock OBJECT-TYPE
478 SYNTAX TestAndIncr
479 MAX-ACCESS read-write
480 STATUS current
481 DESCRIPTION "An advisory lock used to allow cooperating SNMP
482 Command Generator applications to coordinate their
483 use of the Set operation in creating or modifying
484 views.
485 When creating a new view or altering an existing
487 view, it is important to understand the potential
488 interactions with other uses of the view. The
489 vacmViewSpinLock should be retrieved. The name of
490 the view to be created should be determined to be
491 unique by the SNMP Command Generator application by
492 consulting the vacmViewTreeFamilyTable. Finally,
493 the named view may be created (Set), including the
494 advisory lock.
495 If another SNMP Command Generator application has
496 altered the views in the meantime, then the spin
497 lock's value will have changed, and so this creation
498 will fail because it will specify the wrong value for
499 the spin lock.
500 Since this is an advisory lock, the use of this lock
502 is not enforced.
503 "
504 ::= { vacmMIBViews 1 }
505vacmViewTreeFamilyTable OBJECT-TYPE
507 SYNTAX SEQUENCE OF VacmViewTreeFamilyEntry
508 MAX-ACCESS not-accessible
509 STATUS current
510 DESCRIPTION "Locally held information about families of subtrees
511 within MIB views.
512 Each MIB view is defined by two sets of view subtrees:
514 - the included view subtrees, and
515 - the excluded view subtrees.
516 Every such view subtree, both the included and the
517 excluded ones, is defined in this table.
518 To determine if a particular object instance is in
520 a particular MIB view, compare the object instance's
521 OBJECT IDENTIFIER with each of the MIB view's active
522 entries in this table. If none match, then the
523 object instance is not in the MIB view. If one or
524 more match, then the object instance is included in,
525 or excluded from, the MIB view according to the
526 value of vacmViewTreeFamilyType in the entry whose
527 value of vacmViewTreeFamilySubtree has the most
528 sub-identifiers. If multiple entries match and have
529 the same number of sub-identifiers (when wildcarding
530 is specified with the value of vacmViewTreeFamilyMask),
531 then the lexicographically greatest instance of
532 vacmViewTreeFamilyType determines the inclusion or
533 exclusion.
534 An object instance's OBJECT IDENTIFIER X matches an
536 active entry in this table when the number of
537 sub-identifiers in X is at least as many as in the
538 value of vacmViewTreeFamilySubtree for the entry,
539 and each sub-identifier in the value of
540 vacmViewTreeFamilySubtree matches its corresponding
541 sub-identifier in X. Two sub-identifiers match
542 either if the corresponding bit of the value of
543 vacmViewTreeFamilyMask for the entry is zero (the
544 'wild card' value), or if they are equal.
545 A 'family' of subtrees is the set of subtrees defined
547 by a particular combination of values of
548 vacmViewTreeFamilySubtree and vacmViewTreeFamilyMask.
549 In the case where no 'wild card' is defined in the
550 vacmViewTreeFamilyMask, the family of subtrees reduces
551 to a single subtree.
552 When creating or changing MIB views, an SNMP Command
554 Generator application should utilize the
555 vacmViewSpinLock to try to avoid collisions. See
556 DESCRIPTION clause of vacmViewSpinLock.
557 When creating MIB views, it is strongly advised that
559 first the 'excluded' vacmViewTreeFamilyEntries are
560 created and then the 'included' entries.
561 When deleting MIB views, it is strongly advised that
563 first the 'included' vacmViewTreeFamilyEntries are
564 deleted and then the 'excluded' entries.
565 If a create for an entry for instance-level access
567 control is received and the implementation does not
568 support instance-level granularity, then an
569 inconsistentName error must be returned.
570 "
571 ::= { vacmMIBViews 2 }
572vacmViewTreeFamilyEntry OBJECT-TYPE
574 SYNTAX VacmViewTreeFamilyEntry
575 MAX-ACCESS not-accessible
576 STATUS current
577 DESCRIPTION "Information on a particular family of view subtrees
578 included in or excluded from a particular SNMP
579 context's MIB view.
580 Implementations must not restrict the number of
582 families of view subtrees for a given MIB view,
583 except as dictated by resource constraints on the
584 overall number of entries in the
585 vacmViewTreeFamilyTable.
586 If no conceptual rows exist in this table for a given
588 MIB view (viewName), that view may be thought of as
589 consisting of the empty set of view subtrees.
590 "
591 INDEX { vacmViewTreeFamilyViewName,
592 vacmViewTreeFamilySubtree
593 }
594 ::= { vacmViewTreeFamilyTable 1 }
595VacmViewTreeFamilyEntry ::= SEQUENCE
597 {
598 vacmViewTreeFamilyViewName SnmpAdminString,
599 vacmViewTreeFamilySubtree OBJECT IDENTIFIER,
600 vacmViewTreeFamilyMask OCTET STRING,
601 vacmViewTreeFamilyType INTEGER,
602 vacmViewTreeFamilyStorageType StorageType,
603 vacmViewTreeFamilyStatus RowStatus
604 }
605vacmViewTreeFamilyViewName OBJECT-TYPE
607 SYNTAX SnmpAdminString (SIZE(1..32))
608 MAX-ACCESS not-accessible
609 STATUS current
610 DESCRIPTION "The human readable name for a family of view subtrees.
611 "
612 ::= { vacmViewTreeFamilyEntry 1 }
613vacmViewTreeFamilySubtree OBJECT-TYPE
615 SYNTAX OBJECT IDENTIFIER
616 MAX-ACCESS not-accessible
617 STATUS current
618 DESCRIPTION "The MIB subtree which when combined with the
619 corresponding instance of vacmViewTreeFamilyMask
620 defines a family of view subtrees.
621 "
622 ::= { vacmViewTreeFamilyEntry 2 }
623vacmViewTreeFamilyMask OBJECT-TYPE
625 SYNTAX OCTET STRING (SIZE (0..16))
626 MAX-ACCESS read-create
627 STATUS current
628 DESCRIPTION "The bit mask which, in combination with the
629 corresponding instance of vacmViewTreeFamilySubtree,
630 defines a family of view subtrees.
631 Each bit of this bit mask corresponds to a
633 sub-identifier of vacmViewTreeFamilySubtree, with the
634 most significant bit of the i-th octet of this octet
635 string value (extended if necessary, see below)
636 corresponding to the (8*i - 7)-th sub-identifier, and
637 the least significant bit of the i-th octet of this
638 octet string corresponding to the (8*i)-th
639 sub-identifier, where i is in the range 1 through 16.
640 Each bit of this bit mask specifies whether or not
642 the corresponding sub-identifiers must match when
643 determining if an OBJECT IDENTIFIER is in this
644 family of view subtrees; a '1' indicates that an
645 exact match must occur; a '0' indicates 'wild card',
646 i.e., any sub-identifier value matches.
647 Thus, the OBJECT IDENTIFIER X of an object instance
649 is contained in a family of view subtrees if, for
650 each sub-identifier of the value of
651 vacmViewTreeFamilySubtree, either:
652 the i-th bit of vacmViewTreeFamilyMask is 0, or
654 the i-th sub-identifier of X is equal to the i-th
656 sub-identifier of the value of
657 vacmViewTreeFamilySubtree.
658 If the value of this bit mask is M bits long and
660 there are more than M sub-identifiers in the
661 corresponding instance of vacmViewTreeFamilySubtree,
662 then the bit mask is extended with 1's to be the
663 required length.
664 Note that when the value of this object is the
666 zero-length string, this extension rule results in
667 a mask of all-1's being used (i.e., no 'wild card'),
668 and the family of view subtrees is the one view
669 subtree uniquely identified by the corresponding
670 instance of vacmViewTreeFamilySubtree.
671 Note that masks of length greater than zero length
673 do not need to be supported. In this case this
674 object is made read-only.
675 "
676 DEFVAL { ''H }
677 ::= { vacmViewTreeFamilyEntry 3 }
678vacmViewTreeFamilyType OBJECT-TYPE
680 SYNTAX INTEGER { included(1), excluded(2) }
681 MAX-ACCESS read-create
682 STATUS current
683 DESCRIPTION "Indicates whether the corresponding instances of
684 vacmViewTreeFamilySubtree and vacmViewTreeFamilyMask
685 define a family of view subtrees which is included in
686 or excluded from the MIB view.
687 "
688 DEFVAL { included }
689 ::= { vacmViewTreeFamilyEntry 4 }
690vacmViewTreeFamilyStorageType OBJECT-TYPE
692 SYNTAX StorageType
693 MAX-ACCESS read-create
694 STATUS current
695 DESCRIPTION "The storage type for this conceptual row.
696 Conceptual rows having the value 'permanent' need not
698 allow write-access to any columnar objects in the row.
699 "
700 DEFVAL { nonVolatile }
701 ::= { vacmViewTreeFamilyEntry 5 }
702vacmViewTreeFamilyStatus OBJECT-TYPE
704 SYNTAX RowStatus
705 MAX-ACCESS read-create
706 STATUS current
707 DESCRIPTION "The status of this conceptual row.
708 The RowStatus TC [RFC1903] requires that this
710 DESCRIPTION clause states under which circumstances
711 other objects in this row can be modified:
712 The value of this object has no effect on whether
714 other objects in this conceptual row can be modified.
715 "
716 ::= { vacmViewTreeFamilyEntry 6 }
717-- Conformance information *******************************************
719vacmMIBCompliances OBJECT IDENTIFIER ::= { vacmMIBConformance 1 }
721vacmMIBGroups OBJECT IDENTIFIER ::= { vacmMIBConformance 2 }
722-- Compliance statements *********************************************
724vacmMIBCompliance MODULE-COMPLIANCE
726 STATUS current
727 DESCRIPTION "The compliance statement for SNMP engines which
728 implement the SNMP View-based Access Control Model
729 configuration MIB.
730 "
731 MODULE -- this module
732 MANDATORY-GROUPS { vacmBasicGroup }
733 OBJECT vacmAccessContextMatch
735 MIN-ACCESS read-only
736 DESCRIPTION "Write access is not required."
737 OBJECT vacmAccessReadViewName
739 MIN-ACCESS read-only
740 DESCRIPTION "Write access is not required."
741 OBJECT vacmAccessWriteViewName
743 MIN-ACCESS read-only
744 DESCRIPTION "Write access is not required."
745 OBJECT vacmAccessNotifyViewName
747 MIN-ACCESS read-only
748 DESCRIPTION "Write access is not required."
749 OBJECT vacmAccessStorageType
751 MIN-ACCESS read-only
752 DESCRIPTION "Write access is not required."
753 OBJECT vacmAccessStatus
755 MIN-ACCESS read-only
756 DESCRIPTION "Create/delete/modify access to the
757 vacmAccessTable is not required.
758 "
759 OBJECT vacmViewTreeFamilyMask
761 WRITE-SYNTAX OCTET STRING (SIZE (0))
762 MIN-ACCESS read-only
763 DESCRIPTION "Support for configuration via SNMP of subtree
764 families using wild-cards is not required.
765 "
766 OBJECT vacmViewTreeFamilyType
768 MIN-ACCESS read-only
769 DESCRIPTION "Write access is not required."
770 OBJECT vacmViewTreeFamilyStorageType
772 MIN-ACCESS read-only
773 DESCRIPTION "Write access is not required."
774 OBJECT vacmViewTreeFamilyStatus
776 MIN-ACCESS read-only
777 DESCRIPTION "Create/delete/modify access to the
778 vacmViewTreeFamilyTable is not required.
779 "
780 ::= { vacmMIBCompliances 1 }
781-- Units of conformance **********************************************
783vacmBasicGroup OBJECT-GROUP
785 OBJECTS {
786 vacmContextName,
787 vacmGroupName,
788 vacmSecurityToGroupStorageType,
789 vacmSecurityToGroupStatus,
790 vacmAccessContextMatch,
791 vacmAccessReadViewName,
792 vacmAccessWriteViewName,
793 vacmAccessNotifyViewName,
794 vacmAccessStorageType,
795 vacmAccessStatus,
796 vacmViewSpinLock,
797 vacmViewTreeFamilyMask,
798 vacmViewTreeFamilyType,
799 vacmViewTreeFamilyStorageType,
800 vacmViewTreeFamilyStatus
801 }
802 STATUS current
803 DESCRIPTION "A collection of objects providing for remote
804 configuration of an SNMP engine which implements
805 the SNMP View-based Access Control Model.
806 "
807 ::= { vacmMIBGroups 1 }
808END
810Erlang/OTP SNMP SNMP-VIEW-BASED-ACM-MIB(7)