Blame mibs/ietf/SNMP-VIEW-BASED-ACM-MIB

Packit 022b05
SNMP-VIEW-BASED-ACM-MIB DEFINITIONS ::= BEGIN
Packit 022b05
Packit 022b05
IMPORTS
Packit 022b05
    MODULE-COMPLIANCE, OBJECT-GROUP       FROM SNMPv2-CONF
Packit 022b05
    MODULE-IDENTITY, OBJECT-TYPE,
Packit 022b05
    snmpModules                           FROM SNMPv2-SMI
Packit 022b05
    TestAndIncr,
Packit 022b05
    RowStatus, StorageType                FROM SNMPv2-TC
Packit 022b05
    SnmpAdminString,
Packit 022b05
    SnmpSecurityLevel,
Packit 022b05
    SnmpSecurityModel                     FROM SNMP-FRAMEWORK-MIB;
Packit 022b05
Packit 022b05
snmpVacmMIB       MODULE-IDENTITY
Packit 022b05
    LAST-UPDATED "200210160000Z"          -- 16 Oct 2002, midnight
Packit 022b05
    ORGANIZATION "SNMPv3 Working Group"
Packit 022b05
    CONTACT-INFO "WG-email:   snmpv3@lists.tislabs.com
Packit 022b05
                  Subscribe:  majordomo@lists.tislabs.com
Packit 022b05
                              In message body:  subscribe snmpv3
Packit 022b05
Packit 022b05
                  Co-Chair:   Russ Mundy
Packit 022b05
                              Network Associates Laboratories
Packit 022b05
                  postal:     15204 Omega Drive, Suite 300
Packit 022b05
                              Rockville, MD 20850-4601
Packit 022b05
                              USA
Packit 022b05
                  email:      mundy@tislabs.com
Packit 022b05
                  phone:      +1 301-947-7107
Packit 022b05
Packit 022b05
                  Co-Chair:   David Harrington
Packit 022b05
                              Enterasys Networks
Packit 022b05
                  Postal:     35 Industrial Way
Packit 022b05
                              P. O. Box 5004
Packit 022b05
                              Rochester, New Hampshire 03866-5005
Packit 022b05
                              USA
Packit 022b05
                  EMail:      dbh@enterasys.com
Packit 022b05
                  Phone:      +1 603-337-2614
Packit 022b05
Packit 022b05
                  Co-editor:  Bert Wijnen
Packit 022b05
                              Lucent Technologies
Packit 022b05
                  postal:     Schagen 33
Packit 022b05
                              3461 GL Linschoten
Packit 022b05
                              Netherlands
Packit 022b05
                  email:      bwijnen@lucent.com
Packit 022b05
                  phone:      +31-348-480-685
Packit 022b05
Packit 022b05
                  Co-editor:  Randy Presuhn
Packit 022b05
                              BMC Software, Inc.
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
                  postal:     2141 North First Street
Packit 022b05
                              San Jose, CA 95131
Packit 022b05
                              USA
Packit 022b05
                  email:      randy_presuhn@bmc.com
Packit 022b05
                  phone:      +1 408-546-1006
Packit 022b05
Packit 022b05
                  Co-editor:  Keith McCloghrie
Packit 022b05
                              Cisco Systems, Inc.
Packit 022b05
                  postal:     170 West Tasman Drive
Packit 022b05
                              San Jose, CA  95134-1706
Packit 022b05
                              USA
Packit 022b05
                  email:      kzm@cisco.com
Packit 022b05
                  phone:      +1-408-526-5260
Packit 022b05
                 "
Packit 022b05
    DESCRIPTION  "The management information definitions for the
Packit 022b05
                  View-based Access Control Model for SNMP.
Packit 022b05
Packit 022b05
                  Copyright (C) The Internet Society (2002). This
Packit 022b05
                  version of this MIB module is part of RFC 3415;
Packit 022b05
                  see the RFC itself for full legal notices.
Packit 022b05
                 "
Packit 022b05
--  Revision history
Packit 022b05
Packit 022b05
    REVISION     "200210160000Z"          -- 16 Oct 2002, midnight
Packit 022b05
    DESCRIPTION  "Clarifications, published as RFC3415"
Packit 022b05
Packit 022b05
    REVISION     "199901200000Z"          -- 20 Jan 1999, midnight
Packit 022b05
    DESCRIPTION  "Clarifications, published as RFC2575"
Packit 022b05
Packit 022b05
    REVISION     "199711200000Z"          -- 20 Nov 1997, midnight
Packit 022b05
    DESCRIPTION  "Initial version, published as RFC2275"
Packit 022b05
Packit 022b05
    ::= { snmpModules 16 }
Packit 022b05
Packit 022b05
-- Administrative assignments ****************************************
Packit 022b05
Packit 022b05
vacmMIBObjects      OBJECT IDENTIFIER ::= { snmpVacmMIB 1 }
Packit 022b05
vacmMIBConformance  OBJECT IDENTIFIER ::= { snmpVacmMIB 2 }
Packit 022b05
Packit 022b05
-- Information about Local Contexts **********************************
Packit 022b05
Packit 022b05
vacmContextTable OBJECT-TYPE
Packit 022b05
    SYNTAX       SEQUENCE OF VacmContextEntry
Packit 022b05
    MAX-ACCESS   not-accessible
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The table of locally available contexts.
Packit 022b05
Packit 022b05
                 This table provides information to SNMP Command
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
                 Generator applications so that they can properly
Packit 022b05
                 configure the vacmAccessTable to control access to
Packit 022b05
                 all contexts at the SNMP entity.
Packit 022b05
Packit 022b05
                 This table may change dynamically if the SNMP entity
Packit 022b05
                 allows that contexts are added/deleted dynamically
Packit 022b05
                 (for instance when its configuration changes).  Such
Packit 022b05
                 changes would happen only if the management
Packit 022b05
                 instrumentation at that SNMP entity recognizes more
Packit 022b05
                 (or fewer) contexts.
Packit 022b05
Packit 022b05
                 The presence of entries in this table and of entries
Packit 022b05
                 in the vacmAccessTable are independent.  That is, a
Packit 022b05
                 context identified by an entry in this table is not
Packit 022b05
                 necessarily referenced by any entries in the
Packit 022b05
                 vacmAccessTable; and the context(s) referenced by an
Packit 022b05
                 entry in the vacmAccessTable does not necessarily
Packit 022b05
                 currently exist and thus need not be identified by an
Packit 022b05
                 entry in this table.
Packit 022b05
Packit 022b05
                 This table must be made accessible via the default
Packit 022b05
                 context so that Command Responder applications have
Packit 022b05
                 a standard way of retrieving the information.
Packit 022b05
Packit 022b05
                 This table is read-only.  It cannot be configured via
Packit 022b05
                 SNMP.
Packit 022b05
                "
Packit 022b05
    ::= { vacmMIBObjects 1 }
Packit 022b05
Packit 022b05
vacmContextEntry OBJECT-TYPE
Packit 022b05
    SYNTAX       VacmContextEntry
Packit 022b05
    MAX-ACCESS   not-accessible
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "Information about a particular context."
Packit 022b05
    INDEX       {
Packit 022b05
                  vacmContextName
Packit 022b05
                }
Packit 022b05
    ::= { vacmContextTable 1 }
Packit 022b05
Packit 022b05
VacmContextEntry ::= SEQUENCE
Packit 022b05
    {
Packit 022b05
        vacmContextName SnmpAdminString
Packit 022b05
    }
Packit 022b05
Packit 022b05
vacmContextName  OBJECT-TYPE
Packit 022b05
    SYNTAX       SnmpAdminString (SIZE(0..32))
Packit 022b05
    MAX-ACCESS   read-only
Packit 022b05
    STATUS       current
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
    DESCRIPTION "A human readable name identifying a particular
Packit 022b05
                 context at a particular SNMP entity.
Packit 022b05
Packit 022b05
                 The empty contextName (zero length) represents the
Packit 022b05
                 default context.
Packit 022b05
                "
Packit 022b05
    ::= { vacmContextEntry 1 }
Packit 022b05
Packit 022b05
-- Information about Groups ******************************************
Packit 022b05
Packit 022b05
vacmSecurityToGroupTable OBJECT-TYPE
Packit 022b05
    SYNTAX       SEQUENCE OF VacmSecurityToGroupEntry
Packit 022b05
    MAX-ACCESS   not-accessible
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "This table maps a combination of securityModel and
Packit 022b05
                 securityName into a groupName which is used to define
Packit 022b05
                 an access control policy for a group of principals.
Packit 022b05
                "
Packit 022b05
    ::= { vacmMIBObjects 2 }
Packit 022b05
Packit 022b05
vacmSecurityToGroupEntry OBJECT-TYPE
Packit 022b05
    SYNTAX       VacmSecurityToGroupEntry
Packit 022b05
    MAX-ACCESS   not-accessible
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "An entry in this table maps the combination of a
Packit 022b05
                 securityModel and securityName into a groupName.
Packit 022b05
                "
Packit 022b05
    INDEX       {
Packit 022b05
                  vacmSecurityModel,
Packit 022b05
                  vacmSecurityName
Packit 022b05
                }
Packit 022b05
    ::= { vacmSecurityToGroupTable 1 }
Packit 022b05
Packit 022b05
VacmSecurityToGroupEntry ::= SEQUENCE
Packit 022b05
    {
Packit 022b05
        vacmSecurityModel               SnmpSecurityModel,
Packit 022b05
        vacmSecurityName                SnmpAdminString,
Packit 022b05
        vacmGroupName                   SnmpAdminString,
Packit 022b05
        vacmSecurityToGroupStorageType  StorageType,
Packit 022b05
        vacmSecurityToGroupStatus       RowStatus
Packit 022b05
    }
Packit 022b05
Packit 022b05
vacmSecurityModel OBJECT-TYPE
Packit 022b05
    SYNTAX       SnmpSecurityModel(1..2147483647)
Packit 022b05
    MAX-ACCESS   not-accessible
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The Security Model, by which the vacmSecurityName
Packit 022b05
                 referenced by this entry is provided.
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
                 Note, this object may not take the 'any' (0) value.
Packit 022b05
                "
Packit 022b05
    ::= { vacmSecurityToGroupEntry 1 }
Packit 022b05
Packit 022b05
vacmSecurityName OBJECT-TYPE
Packit 022b05
    SYNTAX       SnmpAdminString (SIZE(1..32))
Packit 022b05
    MAX-ACCESS   not-accessible
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The securityName for the principal, represented in a
Packit 022b05
                 Security Model independent format, which is mapped by
Packit 022b05
                 this entry to a groupName.
Packit 022b05
                "
Packit 022b05
    ::= { vacmSecurityToGroupEntry 2 }
Packit 022b05
Packit 022b05
vacmGroupName    OBJECT-TYPE
Packit 022b05
    SYNTAX       SnmpAdminString (SIZE(1..32))
Packit 022b05
    MAX-ACCESS   read-create
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The name of the group to which this entry (e.g., the
Packit 022b05
                 combination of securityModel and securityName)
Packit 022b05
                 belongs.
Packit 022b05
Packit 022b05
                 This groupName is used as index into the
Packit 022b05
                 vacmAccessTable to select an access control policy.
Packit 022b05
                 However, a value in this table does not imply that an
Packit 022b05
                 instance with the value exists in table vacmAccesTable.
Packit 022b05
                "
Packit 022b05
    ::= { vacmSecurityToGroupEntry 3 }
Packit 022b05
Packit 022b05
vacmSecurityToGroupStorageType OBJECT-TYPE
Packit 022b05
    SYNTAX       StorageType
Packit 022b05
    MAX-ACCESS   read-create
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The storage type for this conceptual row.
Packit 022b05
                 Conceptual rows having the value 'permanent' need not
Packit 022b05
                 allow write-access to any columnar objects in the row.
Packit 022b05
                "
Packit 022b05
    DEFVAL      { nonVolatile }
Packit 022b05
    ::= { vacmSecurityToGroupEntry 4 }
Packit 022b05
Packit 022b05
vacmSecurityToGroupStatus OBJECT-TYPE
Packit 022b05
    SYNTAX       RowStatus
Packit 022b05
    MAX-ACCESS   read-create
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The status of this conceptual row.
Packit 022b05
Packit 022b05
                 Until instances of all corresponding columns are
Packit 022b05
                 appropriately configured, the value of the
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
                 corresponding instance of the vacmSecurityToGroupStatus
Packit 022b05
                 column is 'notReady'.
Packit 022b05
Packit 022b05
                 In particular, a newly created row cannot be made
Packit 022b05
                 active until a value has been set for vacmGroupName.
Packit 022b05
Packit 022b05
                 The  RowStatus TC [RFC2579] requires that this
Packit 022b05
                 DESCRIPTION clause states under which circumstances
Packit 022b05
                 other objects in this row can be modified:
Packit 022b05
Packit 022b05
                 The value of this object has no effect on whether
Packit 022b05
                 other objects in this conceptual row can be modified.
Packit 022b05
                "
Packit 022b05
    ::= { vacmSecurityToGroupEntry 5 }
Packit 022b05
Packit 022b05
-- Information about Access Rights ***********************************
Packit 022b05
Packit 022b05
vacmAccessTable  OBJECT-TYPE
Packit 022b05
    SYNTAX       SEQUENCE OF VacmAccessEntry
Packit 022b05
    MAX-ACCESS   not-accessible
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The table of access rights for groups.
Packit 022b05
Packit 022b05
                 Each entry is indexed by a groupName, a contextPrefix,
Packit 022b05
                 a securityModel and a securityLevel.  To determine
Packit 022b05
                 whether access is allowed, one entry from this table
Packit 022b05
                 needs to be selected and the proper viewName from that
Packit 022b05
                 entry must be used for access control checking.
Packit 022b05
Packit 022b05
                 To select the proper entry, follow these steps:
Packit 022b05
Packit 022b05
                 1) the set of possible matches is formed by the
Packit 022b05
                    intersection of the following sets of entries:
Packit 022b05
Packit 022b05
                      the set of entries with identical vacmGroupName
Packit 022b05
                      the union of these two sets:
Packit 022b05
                       - the set with identical vacmAccessContextPrefix
Packit 022b05
                       - the set of entries with vacmAccessContextMatch
Packit 022b05
                         value of 'prefix' and matching
Packit 022b05
                         vacmAccessContextPrefix
Packit 022b05
                      intersected with the union of these two sets:
Packit 022b05
                       - the set of entries with identical
Packit 022b05
                         vacmSecurityModel
Packit 022b05
                       - the set of entries with vacmSecurityModel
Packit 022b05
                         value of 'any'
Packit 022b05
                      intersected with the set of entries with
Packit 022b05
                      vacmAccessSecurityLevel value less than or equal
Packit 022b05
                      to the requested securityLevel
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
                 2) if this set has only one member, we're done
Packit 022b05
                    otherwise, it comes down to deciding how to weight
Packit 022b05
                    the preferences between ContextPrefixes,
Packit 022b05
                    SecurityModels, and SecurityLevels as follows:
Packit 022b05
                    a) if the subset of entries with securityModel
Packit 022b05
                       matching the securityModel in the message is
Packit 022b05
                       not empty, then discard the rest.
Packit 022b05
                    b) if the subset of entries with
Packit 022b05
                       vacmAccessContextPrefix matching the contextName
Packit 022b05
                       in the message is not empty,
Packit 022b05
                       then discard the rest
Packit 022b05
                    c) discard all entries with ContextPrefixes shorter
Packit 022b05
                       than the longest one remaining in the set
Packit 022b05
                    d) select the entry with the highest securityLevel
Packit 022b05
Packit 022b05
                 Please note that for securityLevel noAuthNoPriv, all
Packit 022b05
                 groups are really equivalent since the assumption that
Packit 022b05
                 the securityName has been authenticated does not hold.
Packit 022b05
                "
Packit 022b05
    ::= { vacmMIBObjects 4 }
Packit 022b05
Packit 022b05
vacmAccessEntry  OBJECT-TYPE
Packit 022b05
    SYNTAX       VacmAccessEntry
Packit 022b05
    MAX-ACCESS   not-accessible
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "An access right configured in the Local Configuration
Packit 022b05
                 Datastore (LCD) authorizing access to an SNMP context.
Packit 022b05
Packit 022b05
                 Entries in this table can use an instance value for
Packit 022b05
                 object vacmGroupName even if no entry in table
Packit 022b05
                 vacmAccessSecurityToGroupTable has a corresponding
Packit 022b05
                 value for object vacmGroupName.
Packit 022b05
                "
Packit 022b05
    INDEX       { vacmGroupName,
Packit 022b05
                  vacmAccessContextPrefix,
Packit 022b05
                  vacmAccessSecurityModel,
Packit 022b05
                  vacmAccessSecurityLevel
Packit 022b05
                }
Packit 022b05
    ::= { vacmAccessTable 1 }
Packit 022b05
Packit 022b05
VacmAccessEntry ::= SEQUENCE
Packit 022b05
    {
Packit 022b05
        vacmAccessContextPrefix    SnmpAdminString,
Packit 022b05
        vacmAccessSecurityModel    SnmpSecurityModel,
Packit 022b05
        vacmAccessSecurityLevel    SnmpSecurityLevel,
Packit 022b05
        vacmAccessContextMatch     INTEGER,
Packit 022b05
        vacmAccessReadViewName     SnmpAdminString,
Packit 022b05
        vacmAccessWriteViewName    SnmpAdminString,
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
        vacmAccessNotifyViewName   SnmpAdminString,
Packit 022b05
        vacmAccessStorageType      StorageType,
Packit 022b05
        vacmAccessStatus           RowStatus
Packit 022b05
    }
Packit 022b05
Packit 022b05
vacmAccessContextPrefix OBJECT-TYPE
Packit 022b05
    SYNTAX       SnmpAdminString (SIZE(0..32))
Packit 022b05
    MAX-ACCESS   not-accessible
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "In order to gain the access rights allowed by this
Packit 022b05
                 conceptual row, a contextName must match exactly
Packit 022b05
                 (if the value of vacmAccessContextMatch is 'exact')
Packit 022b05
                 or partially (if the value of vacmAccessContextMatch
Packit 022b05
                 is 'prefix') to the value of the instance of this
Packit 022b05
                 object.
Packit 022b05
                "
Packit 022b05
    ::= { vacmAccessEntry 1 }
Packit 022b05
Packit 022b05
vacmAccessSecurityModel OBJECT-TYPE
Packit 022b05
    SYNTAX       SnmpSecurityModel
Packit 022b05
    MAX-ACCESS   not-accessible
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "In order to gain the access rights allowed by this
Packit 022b05
                 conceptual row, this securityModel must be in use.
Packit 022b05
                "
Packit 022b05
    ::= { vacmAccessEntry 2 }
Packit 022b05
Packit 022b05
vacmAccessSecurityLevel OBJECT-TYPE
Packit 022b05
    SYNTAX       SnmpSecurityLevel
Packit 022b05
    MAX-ACCESS   not-accessible
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The minimum level of security required in order to
Packit 022b05
                 gain the access rights allowed by this conceptual
Packit 022b05
                 row.  A securityLevel of noAuthNoPriv is less than
Packit 022b05
                 authNoPriv which in turn is less than authPriv.
Packit 022b05
Packit 022b05
                 If multiple entries are equally indexed except for
Packit 022b05
                 this vacmAccessSecurityLevel index, then the entry
Packit 022b05
                 which has the highest value for
Packit 022b05
                 vacmAccessSecurityLevel is selected.
Packit 022b05
                "
Packit 022b05
    ::= { vacmAccessEntry 3 }
Packit 022b05
Packit 022b05
vacmAccessContextMatch OBJECT-TYPE
Packit 022b05
    SYNTAX       INTEGER
Packit 022b05
                { exact (1), -- exact match of prefix and contextName
Packit 022b05
                  prefix (2) -- Only match to the prefix
Packit 022b05
                }
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
    MAX-ACCESS   read-create
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "If the value of this object is exact(1), then all
Packit 022b05
                 rows where the contextName exactly matches
Packit 022b05
                 vacmAccessContextPrefix are selected.
Packit 022b05
Packit 022b05
                 If the value of this object is prefix(2), then all
Packit 022b05
                 rows where the contextName whose starting octets
Packit 022b05
                 exactly match vacmAccessContextPrefix are selected.
Packit 022b05
                 This allows for a simple form of wildcarding.
Packit 022b05
                "
Packit 022b05
    DEFVAL      { exact }
Packit 022b05
    ::= { vacmAccessEntry 4 }
Packit 022b05
Packit 022b05
vacmAccessReadViewName OBJECT-TYPE
Packit 022b05
    SYNTAX       SnmpAdminString (SIZE(0..32))
Packit 022b05
    MAX-ACCESS   read-create
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The value of an instance of this object identifies
Packit 022b05
                 the MIB view of the SNMP context to which this
Packit 022b05
                 conceptual row authorizes read access.
Packit 022b05
Packit 022b05
                 The identified MIB view is that one for which the
Packit 022b05
                 vacmViewTreeFamilyViewName has the same value as the
Packit 022b05
                 instance of this object; if the value is the empty
Packit 022b05
                 string or if there is no active MIB view having this
Packit 022b05
                 value of vacmViewTreeFamilyViewName, then no access
Packit 022b05
                 is granted.
Packit 022b05
                "
Packit 022b05
    DEFVAL      { ''H }   -- the empty string
Packit 022b05
    ::= { vacmAccessEntry 5 }
Packit 022b05
Packit 022b05
vacmAccessWriteViewName OBJECT-TYPE
Packit 022b05
    SYNTAX       SnmpAdminString (SIZE(0..32))
Packit 022b05
    MAX-ACCESS   read-create
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The value of an instance of this object identifies
Packit 022b05
                 the MIB view of the SNMP context to which this
Packit 022b05
                 conceptual row authorizes write access.
Packit 022b05
Packit 022b05
                 The identified MIB view is that one for which the
Packit 022b05
                 vacmViewTreeFamilyViewName has the same value as the
Packit 022b05
                 instance of this object; if the value is the empty
Packit 022b05
                 string or if there is no active MIB view having this
Packit 022b05
                 value of vacmViewTreeFamilyViewName, then no access
Packit 022b05
                 is granted.
Packit 022b05
                "
Packit 022b05
    DEFVAL      { ''H }   -- the empty string
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
    ::= { vacmAccessEntry 6 }
Packit 022b05
Packit 022b05
vacmAccessNotifyViewName OBJECT-TYPE
Packit 022b05
    SYNTAX       SnmpAdminString (SIZE(0..32))
Packit 022b05
    MAX-ACCESS   read-create
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The value of an instance of this object identifies
Packit 022b05
                 the MIB view of the SNMP context to which this
Packit 022b05
                 conceptual row authorizes access for notifications.
Packit 022b05
Packit 022b05
                 The identified MIB view is that one for which the
Packit 022b05
                 vacmViewTreeFamilyViewName has the same value as the
Packit 022b05
                 instance of this object; if the value is the empty
Packit 022b05
                 string or if there is no active MIB view having this
Packit 022b05
                 value of vacmViewTreeFamilyViewName, then no access
Packit 022b05
                 is granted.
Packit 022b05
                "
Packit 022b05
    DEFVAL      { ''H }   -- the empty string
Packit 022b05
    ::= { vacmAccessEntry 7 }
Packit 022b05
Packit 022b05
vacmAccessStorageType OBJECT-TYPE
Packit 022b05
    SYNTAX       StorageType
Packit 022b05
    MAX-ACCESS   read-create
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The storage type for this conceptual row.
Packit 022b05
Packit 022b05
                 Conceptual rows having the value 'permanent' need not
Packit 022b05
                 allow write-access to any columnar objects in the row.
Packit 022b05
                "
Packit 022b05
    DEFVAL      { nonVolatile }
Packit 022b05
    ::= { vacmAccessEntry 8 }
Packit 022b05
Packit 022b05
vacmAccessStatus OBJECT-TYPE
Packit 022b05
    SYNTAX       RowStatus
Packit 022b05
    MAX-ACCESS   read-create
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The status of this conceptual row.
Packit 022b05
Packit 022b05
                 The  RowStatus TC [RFC2579] requires that this
Packit 022b05
                 DESCRIPTION clause states under which circumstances
Packit 022b05
                 other objects in this row can be modified:
Packit 022b05
Packit 022b05
                 The value of this object has no effect on whether
Packit 022b05
                 other objects in this conceptual row can be modified.
Packit 022b05
                "
Packit 022b05
    ::= { vacmAccessEntry 9 }
Packit 022b05
Packit 022b05
-- Information about MIB views ***************************************
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
-- Support for instance-level granularity is optional.
Packit 022b05
--
Packit 022b05
-- In some implementations, instance-level access control
Packit 022b05
-- granularity may come at a high performance cost.  Managers
Packit 022b05
-- should avoid requesting such configurations unnecessarily.
Packit 022b05
Packit 022b05
vacmMIBViews     OBJECT IDENTIFIER ::= { vacmMIBObjects 5 }
Packit 022b05
Packit 022b05
vacmViewSpinLock OBJECT-TYPE
Packit 022b05
    SYNTAX       TestAndIncr
Packit 022b05
    MAX-ACCESS   read-write
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "An advisory lock used to allow cooperating SNMP
Packit 022b05
                 Command Generator applications to coordinate their
Packit 022b05
                 use of the Set operation in creating or modifying
Packit 022b05
                 views.
Packit 022b05
Packit 022b05
                 When creating a new view or altering an existing
Packit 022b05
                 view, it is important to understand the potential
Packit 022b05
                 interactions with other uses of the view.  The
Packit 022b05
                 vacmViewSpinLock should be retrieved.  The name of
Packit 022b05
                 the view to be created should be determined to be
Packit 022b05
                 unique by the SNMP Command Generator application by
Packit 022b05
                 consulting the vacmViewTreeFamilyTable.  Finally,
Packit 022b05
                 the named view may be created (Set), including the
Packit 022b05
                 advisory lock.
Packit 022b05
                 If another SNMP Command Generator application has
Packit 022b05
                 altered the views in the meantime, then the spin
Packit 022b05
                 lock's value will have changed, and so this creation
Packit 022b05
                 will fail because it will specify the wrong value for
Packit 022b05
                 the spin lock.
Packit 022b05
Packit 022b05
                 Since this is an advisory lock, the use of this lock
Packit 022b05
                 is not enforced.
Packit 022b05
                "
Packit 022b05
    ::= { vacmMIBViews 1 }
Packit 022b05
Packit 022b05
vacmViewTreeFamilyTable OBJECT-TYPE
Packit 022b05
    SYNTAX       SEQUENCE OF VacmViewTreeFamilyEntry
Packit 022b05
    MAX-ACCESS   not-accessible
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "Locally held information about families of subtrees
Packit 022b05
                 within MIB views.
Packit 022b05
Packit 022b05
                 Each MIB view is defined by two sets of view subtrees:
Packit 022b05
                   - the included view subtrees, and
Packit 022b05
                   - the excluded view subtrees.
Packit 022b05
                 Every such view subtree, both the included and the
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
                 excluded ones, is defined in this table.
Packit 022b05
Packit 022b05
                 To determine if a particular object instance is in
Packit 022b05
                 a particular MIB view, compare the object instance's
Packit 022b05
                 OBJECT IDENTIFIER with each of the MIB view's active
Packit 022b05
                 entries in this table.  If none match, then the
Packit 022b05
                 object instance is not in the MIB view.  If one or
Packit 022b05
                 more match, then the object instance is included in,
Packit 022b05
                 or excluded from, the MIB view according to the
Packit 022b05
                 value of vacmViewTreeFamilyType in the entry whose
Packit 022b05
                 value of vacmViewTreeFamilySubtree has the most
Packit 022b05
                 sub-identifiers.  If multiple entries match and have
Packit 022b05
                 the same number of sub-identifiers (when wildcarding
Packit 022b05
                 is specified with the value of vacmViewTreeFamilyMask),
Packit 022b05
                 then the lexicographically greatest instance of
Packit 022b05
                 vacmViewTreeFamilyType determines the inclusion or
Packit 022b05
                 exclusion.
Packit 022b05
Packit 022b05
                 An object instance's OBJECT IDENTIFIER X matches an
Packit 022b05
                 active entry in this table when the number of
Packit 022b05
                 sub-identifiers in X is at least as many as in the
Packit 022b05
                 value of vacmViewTreeFamilySubtree for the entry,
Packit 022b05
                 and each sub-identifier in the value of
Packit 022b05
                 vacmViewTreeFamilySubtree matches its corresponding
Packit 022b05
                 sub-identifier in X.  Two sub-identifiers match
Packit 022b05
                 either if the corresponding bit of the value of
Packit 022b05
                 vacmViewTreeFamilyMask for the entry is zero (the
Packit 022b05
                 'wild card' value), or if they are equal.
Packit 022b05
Packit 022b05
                 A 'family' of subtrees is the set of subtrees defined
Packit 022b05
                 by a particular combination of values of
Packit 022b05
                 vacmViewTreeFamilySubtree and vacmViewTreeFamilyMask.
Packit 022b05
Packit 022b05
                 In the case where no 'wild card' is defined in the
Packit 022b05
                 vacmViewTreeFamilyMask, the family of subtrees reduces
Packit 022b05
                 to a single subtree.
Packit 022b05
Packit 022b05
                 When creating or changing MIB views, an SNMP Command
Packit 022b05
                 Generator application should utilize the
Packit 022b05
                 vacmViewSpinLock to try to avoid collisions.  See
Packit 022b05
                 DESCRIPTION clause of vacmViewSpinLock.
Packit 022b05
Packit 022b05
                 When creating MIB views, it is strongly advised that
Packit 022b05
                 first the 'excluded' vacmViewTreeFamilyEntries are
Packit 022b05
                 created and then the 'included' entries.
Packit 022b05
Packit 022b05
                 When deleting MIB views, it is strongly advised that
Packit 022b05
                 first the 'included' vacmViewTreeFamilyEntries are
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
                 deleted and then the 'excluded' entries.
Packit 022b05
Packit 022b05
                 If a create for an entry for instance-level access
Packit 022b05
                 control is received and the implementation does not
Packit 022b05
                 support instance-level granularity, then an
Packit 022b05
                 inconsistentName error must be returned.
Packit 022b05
                "
Packit 022b05
    ::= { vacmMIBViews 2 }
Packit 022b05
Packit 022b05
vacmViewTreeFamilyEntry OBJECT-TYPE
Packit 022b05
    SYNTAX       VacmViewTreeFamilyEntry
Packit 022b05
    MAX-ACCESS   not-accessible
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "Information on a particular family of view subtrees
Packit 022b05
                 included in or excluded from a particular SNMP
Packit 022b05
                 context's MIB view.
Packit 022b05
Packit 022b05
                 Implementations must not restrict the number of
Packit 022b05
                 families of view subtrees for a given MIB view,
Packit 022b05
                 except as dictated by resource constraints on the
Packit 022b05
                 overall number of entries in the
Packit 022b05
                 vacmViewTreeFamilyTable.
Packit 022b05
Packit 022b05
                 If no conceptual rows exist in this table for a given
Packit 022b05
                 MIB view (viewName), that view may be thought of as
Packit 022b05
                 consisting of the empty set of view subtrees.
Packit 022b05
                "
Packit 022b05
    INDEX       { vacmViewTreeFamilyViewName,
Packit 022b05
                  vacmViewTreeFamilySubtree
Packit 022b05
                }
Packit 022b05
    ::= { vacmViewTreeFamilyTable 1 }
Packit 022b05
Packit 022b05
VacmViewTreeFamilyEntry ::= SEQUENCE
Packit 022b05
    {
Packit 022b05
        vacmViewTreeFamilyViewName     SnmpAdminString,
Packit 022b05
        vacmViewTreeFamilySubtree      OBJECT IDENTIFIER,
Packit 022b05
        vacmViewTreeFamilyMask         OCTET STRING,
Packit 022b05
        vacmViewTreeFamilyType         INTEGER,
Packit 022b05
        vacmViewTreeFamilyStorageType  StorageType,
Packit 022b05
        vacmViewTreeFamilyStatus       RowStatus
Packit 022b05
    }
Packit 022b05
Packit 022b05
vacmViewTreeFamilyViewName OBJECT-TYPE
Packit 022b05
    SYNTAX       SnmpAdminString (SIZE(1..32))
Packit 022b05
    MAX-ACCESS   not-accessible
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The human readable name for a family of view subtrees.
Packit 022b05
                "
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
    ::= { vacmViewTreeFamilyEntry 1 }
Packit 022b05
Packit 022b05
vacmViewTreeFamilySubtree OBJECT-TYPE
Packit 022b05
    SYNTAX       OBJECT IDENTIFIER
Packit 022b05
    MAX-ACCESS   not-accessible
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The MIB subtree which when combined with the
Packit 022b05
                 corresponding instance of vacmViewTreeFamilyMask
Packit 022b05
                 defines a family of view subtrees.
Packit 022b05
                "
Packit 022b05
    ::= { vacmViewTreeFamilyEntry 2 }
Packit 022b05
Packit 022b05
vacmViewTreeFamilyMask OBJECT-TYPE
Packit 022b05
    SYNTAX       OCTET STRING (SIZE (0..16))
Packit 022b05
    MAX-ACCESS   read-create
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The bit mask which, in combination with the
Packit 022b05
                 corresponding instance of vacmViewTreeFamilySubtree,
Packit 022b05
                 defines a family of view subtrees.
Packit 022b05
Packit 022b05
                 Each bit of this bit mask corresponds to a
Packit 022b05
                 sub-identifier of vacmViewTreeFamilySubtree, with the
Packit 022b05
                 most significant bit of the i-th octet of this octet
Packit 022b05
                 string value (extended if necessary, see below)
Packit 022b05
                 corresponding to the (8*i - 7)-th sub-identifier, and
Packit 022b05
                 the least significant bit of the i-th octet of this
Packit 022b05
                 octet string corresponding to the (8*i)-th
Packit 022b05
                 sub-identifier, where i is in the range 1 through 16.
Packit 022b05
Packit 022b05
                 Each bit of this bit mask specifies whether or not
Packit 022b05
                 the corresponding sub-identifiers must match when
Packit 022b05
                 determining if an OBJECT IDENTIFIER is in this
Packit 022b05
                 family of view subtrees; a '1' indicates that an
Packit 022b05
                 exact match must occur; a '0' indicates 'wild card',
Packit 022b05
                 i.e., any sub-identifier value matches.
Packit 022b05
Packit 022b05
                 Thus, the OBJECT IDENTIFIER X of an object instance
Packit 022b05
                 is contained in a family of view subtrees if, for
Packit 022b05
                 each sub-identifier of the value of
Packit 022b05
                 vacmViewTreeFamilySubtree, either:
Packit 022b05
Packit 022b05
                   the i-th bit of vacmViewTreeFamilyMask is 0, or
Packit 022b05
Packit 022b05
                   the i-th sub-identifier of X is equal to the i-th
Packit 022b05
                   sub-identifier of the value of
Packit 022b05
                   vacmViewTreeFamilySubtree.
Packit 022b05
Packit 022b05
                 If the value of this bit mask is M bits long and
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
                 there are more than M sub-identifiers in the
Packit 022b05
                 corresponding instance of vacmViewTreeFamilySubtree,
Packit 022b05
                 then the bit mask is extended with 1's to be the
Packit 022b05
                 required length.
Packit 022b05
Packit 022b05
                 Note that when the value of this object is the
Packit 022b05
                 zero-length string, this extension rule results in
Packit 022b05
                 a mask of all-1's being used (i.e., no 'wild card'),
Packit 022b05
                 and the family of view subtrees is the one view
Packit 022b05
                 subtree uniquely identified by the corresponding
Packit 022b05
                 instance of vacmViewTreeFamilySubtree.
Packit 022b05
Packit 022b05
                 Note that masks of length greater than zero length
Packit 022b05
                 do not need to be supported.  In this case this
Packit 022b05
                 object is made read-only.
Packit 022b05
                "
Packit 022b05
    DEFVAL      { ''H }
Packit 022b05
    ::= { vacmViewTreeFamilyEntry 3 }
Packit 022b05
Packit 022b05
vacmViewTreeFamilyType OBJECT-TYPE
Packit 022b05
    SYNTAX       INTEGER  { included(1), excluded(2) }
Packit 022b05
    MAX-ACCESS   read-create
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "Indicates whether the corresponding instances of
Packit 022b05
                 vacmViewTreeFamilySubtree and vacmViewTreeFamilyMask
Packit 022b05
                 define a family of view subtrees which is included in
Packit 022b05
                 or excluded from the MIB view.
Packit 022b05
                "
Packit 022b05
    DEFVAL      { included }
Packit 022b05
    ::= { vacmViewTreeFamilyEntry 4 }
Packit 022b05
Packit 022b05
vacmViewTreeFamilyStorageType OBJECT-TYPE
Packit 022b05
    SYNTAX       StorageType
Packit 022b05
    MAX-ACCESS   read-create
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The storage type for this conceptual row.
Packit 022b05
Packit 022b05
                 Conceptual rows having the value 'permanent' need not
Packit 022b05
                 allow write-access to any columnar objects in the row.
Packit 022b05
                "
Packit 022b05
    DEFVAL      { nonVolatile }
Packit 022b05
    ::= { vacmViewTreeFamilyEntry 5 }
Packit 022b05
Packit 022b05
vacmViewTreeFamilyStatus OBJECT-TYPE
Packit 022b05
    SYNTAX       RowStatus
Packit 022b05
    MAX-ACCESS   read-create
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The status of this conceptual row.
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
                 The  RowStatus TC [RFC2579] requires that this
Packit 022b05
                 DESCRIPTION clause states under which circumstances
Packit 022b05
                 other objects in this row can be modified:
Packit 022b05
Packit 022b05
                 The value of this object has no effect on whether
Packit 022b05
                 other objects in this conceptual row can be modified.
Packit 022b05
                "
Packit 022b05
    ::= { vacmViewTreeFamilyEntry 6 }
Packit 022b05
Packit 022b05
-- Conformance information *******************************************
Packit 022b05
Packit 022b05
vacmMIBCompliances  OBJECT IDENTIFIER ::= { vacmMIBConformance 1 }
Packit 022b05
vacmMIBGroups       OBJECT IDENTIFIER ::= { vacmMIBConformance 2 }
Packit 022b05
Packit 022b05
-- Compliance statements *********************************************
Packit 022b05
Packit 022b05
vacmMIBCompliance MODULE-COMPLIANCE
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "The compliance statement for SNMP engines which
Packit 022b05
                 implement the SNMP View-based Access Control Model
Packit 022b05
                 configuration MIB.
Packit 022b05
                "
Packit 022b05
    MODULE -- this module
Packit 022b05
        MANDATORY-GROUPS { vacmBasicGroup }
Packit 022b05
Packit 022b05
        OBJECT        vacmAccessContextMatch
Packit 022b05
        MIN-ACCESS    read-only
Packit 022b05
        DESCRIPTION  "Write access is not required."
Packit 022b05
Packit 022b05
        OBJECT        vacmAccessReadViewName
Packit 022b05
        MIN-ACCESS    read-only
Packit 022b05
        DESCRIPTION  "Write access is not required."
Packit 022b05
Packit 022b05
        OBJECT        vacmAccessWriteViewName
Packit 022b05
        MIN-ACCESS    read-only
Packit 022b05
        DESCRIPTION  "Write access is not required."
Packit 022b05
Packit 022b05
        OBJECT        vacmAccessNotifyViewName
Packit 022b05
        MIN-ACCESS    read-only
Packit 022b05
        DESCRIPTION  "Write access is not required."
Packit 022b05
Packit 022b05
        OBJECT        vacmAccessStorageType
Packit 022b05
        MIN-ACCESS    read-only
Packit 022b05
        DESCRIPTION  "Write access is not required."
Packit 022b05
Packit 022b05
        OBJECT        vacmAccessStatus
Packit 022b05
        MIN-ACCESS    read-only
Packit 022b05
        DESCRIPTION  "Create/delete/modify access to the
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
                      vacmAccessTable is not required.
Packit 022b05
                     "
Packit 022b05
Packit 022b05
        OBJECT        vacmViewTreeFamilyMask
Packit 022b05
        WRITE-SYNTAX  OCTET STRING (SIZE (0))
Packit 022b05
        MIN-ACCESS    read-only
Packit 022b05
        DESCRIPTION  "Support for configuration via SNMP of subtree
Packit 022b05
                      families using wild-cards is not required.
Packit 022b05
                     "
Packit 022b05
Packit 022b05
        OBJECT        vacmViewTreeFamilyType
Packit 022b05
        MIN-ACCESS    read-only
Packit 022b05
        DESCRIPTION  "Write access is not required."
Packit 022b05
Packit 022b05
        OBJECT        vacmViewTreeFamilyStorageType
Packit 022b05
        MIN-ACCESS    read-only
Packit 022b05
        DESCRIPTION  "Write access is not required."
Packit 022b05
Packit 022b05
        OBJECT        vacmViewTreeFamilyStatus
Packit 022b05
        MIN-ACCESS    read-only
Packit 022b05
        DESCRIPTION  "Create/delete/modify access to the
Packit 022b05
                      vacmViewTreeFamilyTable is not required.
Packit 022b05
                     "
Packit 022b05
    ::= { vacmMIBCompliances 1 }
Packit 022b05
Packit 022b05
-- Units of conformance **********************************************
Packit 022b05
Packit 022b05
vacmBasicGroup OBJECT-GROUP
Packit 022b05
    OBJECTS {
Packit 022b05
              vacmContextName,
Packit 022b05
              vacmGroupName,
Packit 022b05
              vacmSecurityToGroupStorageType,
Packit 022b05
              vacmSecurityToGroupStatus,
Packit 022b05
              vacmAccessContextMatch,
Packit 022b05
              vacmAccessReadViewName,
Packit 022b05
              vacmAccessWriteViewName,
Packit 022b05
              vacmAccessNotifyViewName,
Packit 022b05
              vacmAccessStorageType,
Packit 022b05
              vacmAccessStatus,
Packit 022b05
              vacmViewSpinLock,
Packit 022b05
              vacmViewTreeFamilyMask,
Packit 022b05
              vacmViewTreeFamilyType,
Packit 022b05
              vacmViewTreeFamilyStorageType,
Packit 022b05
              vacmViewTreeFamilyStatus
Packit 022b05
            }
Packit 022b05
    STATUS       current
Packit 022b05
    DESCRIPTION "A collection of objects providing for remote
Packit 022b05
                 configuration of an SNMP engine which implements
Packit 022b05
Packit 022b05
Packit 022b05
Packit 022b05
                 the SNMP View-based Access Control Model.
Packit 022b05
                "
Packit 022b05
    ::= { vacmMIBGroups 1 }
Packit 022b05
Packit 022b05
END