diff options
Diffstat (limited to 'mibs/SNMP-VIEW-BASED-ACM-MIB.txt')
-rw-r--r-- | mibs/SNMP-VIEW-BASED-ACM-MIB.txt | 830 |
1 files changed, 830 insertions, 0 deletions
diff --git a/mibs/SNMP-VIEW-BASED-ACM-MIB.txt b/mibs/SNMP-VIEW-BASED-ACM-MIB.txt new file mode 100644 index 0000000..7244ad0 --- /dev/null +++ b/mibs/SNMP-VIEW-BASED-ACM-MIB.txt @@ -0,0 +1,830 @@ +SNMP-VIEW-BASED-ACM-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF + MODULE-IDENTITY, OBJECT-TYPE, + snmpModules FROM SNMPv2-SMI + TestAndIncr, + RowStatus, StorageType FROM SNMPv2-TC + SnmpAdminString, + SnmpSecurityLevel, + SnmpSecurityModel FROM SNMP-FRAMEWORK-MIB; + +snmpVacmMIB MODULE-IDENTITY + LAST-UPDATED "200210160000Z" -- 16 Oct 2002, midnight + ORGANIZATION "SNMPv3 Working Group" + CONTACT-INFO "WG-email: snmpv3@lists.tislabs.com + Subscribe: majordomo@lists.tislabs.com + In message body: subscribe snmpv3 + + Co-Chair: Russ Mundy + Network Associates Laboratories + postal: 15204 Omega Drive, Suite 300 + Rockville, MD 20850-4601 + USA + email: mundy@tislabs.com + phone: +1 301-947-7107 + + Co-Chair: David Harrington + Enterasys Networks + Postal: 35 Industrial Way + P. O. Box 5004 + Rochester, New Hampshire 03866-5005 + USA + EMail: dbh@enterasys.com + Phone: +1 603-337-2614 + + Co-editor: Bert Wijnen + Lucent Technologies + postal: Schagen 33 + 3461 GL Linschoten + Netherlands + email: bwijnen@lucent.com + phone: +31-348-480-685 + + Co-editor: Randy Presuhn + BMC Software, Inc. + + postal: 2141 North First Street + San Jose, CA 95131 + USA + email: randy_presuhn@bmc.com + phone: +1 408-546-1006 + + Co-editor: Keith McCloghrie + Cisco Systems, Inc. + postal: 170 West Tasman Drive + San Jose, CA 95134-1706 + USA + email: kzm@cisco.com + phone: +1-408-526-5260 + " + DESCRIPTION "The management information definitions for the + View-based Access Control Model for SNMP. + + Copyright (C) The Internet Society (2002). This + version of this MIB module is part of RFC 3415; + see the RFC itself for full legal notices. + " +-- Revision history + + REVISION "200210160000Z" -- 16 Oct 2002, midnight + DESCRIPTION "Clarifications, published as RFC3415" + + REVISION "199901200000Z" -- 20 Jan 1999, midnight + DESCRIPTION "Clarifications, published as RFC2575" + + REVISION "199711200000Z" -- 20 Nov 1997, midnight + DESCRIPTION "Initial version, published as RFC2275" + ::= { snmpModules 16 } + +-- Administrative assignments **************************************** + +vacmMIBObjects OBJECT IDENTIFIER ::= { snmpVacmMIB 1 } +vacmMIBConformance OBJECT IDENTIFIER ::= { snmpVacmMIB 2 } + +-- Information about Local Contexts ********************************** + +vacmContextTable OBJECT-TYPE + SYNTAX SEQUENCE OF VacmContextEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The table of locally available contexts. + + This table provides information to SNMP Command + + Generator applications so that they can properly + configure the vacmAccessTable to control access to + all contexts at the SNMP entity. + + This table may change dynamically if the SNMP entity + allows that contexts are added/deleted dynamically + (for instance when its configuration changes). Such + changes would happen only if the management + instrumentation at that SNMP entity recognizes more + (or fewer) contexts. + + The presence of entries in this table and of entries + in the vacmAccessTable are independent. That is, a + context identified by an entry in this table is not + necessarily referenced by any entries in the + vacmAccessTable; and the context(s) referenced by an + entry in the vacmAccessTable does not necessarily + currently exist and thus need not be identified by an + entry in this table. + + This table must be made accessible via the default + context so that Command Responder applications have + a standard way of retrieving the information. + + This table is read-only. It cannot be configured via + SNMP. + " + ::= { vacmMIBObjects 1 } + +vacmContextEntry OBJECT-TYPE + SYNTAX VacmContextEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "Information about a particular context." + INDEX { + vacmContextName + } + ::= { vacmContextTable 1 } + +VacmContextEntry ::= SEQUENCE + { + vacmContextName SnmpAdminString + } + +vacmContextName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(0..32)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION "A human readable name identifying a particular + context at a particular SNMP entity. + + The empty contextName (zero length) represents the + default context. + " + ::= { vacmContextEntry 1 } + +-- Information about Groups ****************************************** + +vacmSecurityToGroupTable OBJECT-TYPE + SYNTAX SEQUENCE OF VacmSecurityToGroupEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "This table maps a combination of securityModel and + securityName into a groupName which is used to define + an access control policy for a group of principals. + " + ::= { vacmMIBObjects 2 } + +vacmSecurityToGroupEntry OBJECT-TYPE + SYNTAX VacmSecurityToGroupEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "An entry in this table maps the combination of a + securityModel and securityName into a groupName. + " + INDEX { + vacmSecurityModel, + vacmSecurityName + } + ::= { vacmSecurityToGroupTable 1 } + +VacmSecurityToGroupEntry ::= SEQUENCE + { + vacmSecurityModel SnmpSecurityModel, + vacmSecurityName SnmpAdminString, + vacmGroupName SnmpAdminString, + vacmSecurityToGroupStorageType StorageType, + vacmSecurityToGroupStatus RowStatus + } + +vacmSecurityModel OBJECT-TYPE + SYNTAX SnmpSecurityModel(1..2147483647) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The Security Model, by which the vacmSecurityName + referenced by this entry is provided. + + Note, this object may not take the 'any' (0) value. + " + ::= { vacmSecurityToGroupEntry 1 } + +vacmSecurityName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The securityName for the principal, represented in a + Security Model independent format, which is mapped by + this entry to a groupName. + " + ::= { vacmSecurityToGroupEntry 2 } + +vacmGroupName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(1..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION "The name of the group to which this entry (e.g., the + combination of securityModel and securityName) + belongs. + + This groupName is used as index into the + vacmAccessTable to select an access control policy. + However, a value in this table does not imply that an + instance with the value exists in table vacmAccesTable. + " + ::= { vacmSecurityToGroupEntry 3 } + +vacmSecurityToGroupStorageType OBJECT-TYPE + SYNTAX StorageType + MAX-ACCESS read-create + STATUS current + DESCRIPTION "The storage type for this conceptual row. + Conceptual rows having the value 'permanent' need not + allow write-access to any columnar objects in the row. + " + DEFVAL { nonVolatile } + ::= { vacmSecurityToGroupEntry 4 } + +vacmSecurityToGroupStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION "The status of this conceptual row. + + Until instances of all corresponding columns are + appropriately configured, the value of the + + corresponding instance of the vacmSecurityToGroupStatus + column is 'notReady'. + + In particular, a newly created row cannot be made + active until a value has been set for vacmGroupName. + + The RowStatus TC [RFC2579] requires that this + DESCRIPTION clause states under which circumstances + other objects in this row can be modified: + + The value of this object has no effect on whether + other objects in this conceptual row can be modified. + " + ::= { vacmSecurityToGroupEntry 5 } + +-- Information about Access Rights *********************************** + +vacmAccessTable OBJECT-TYPE + SYNTAX SEQUENCE OF VacmAccessEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The table of access rights for groups. + + Each entry is indexed by a groupName, a contextPrefix, + a securityModel and a securityLevel. To determine + whether access is allowed, one entry from this table + needs to be selected and the proper viewName from that + entry must be used for access control checking. + + To select the proper entry, follow these steps: + + 1) the set of possible matches is formed by the + intersection of the following sets of entries: + + the set of entries with identical vacmGroupName + the union of these two sets: + - the set with identical vacmAccessContextPrefix + - the set of entries with vacmAccessContextMatch + value of 'prefix' and matching + vacmAccessContextPrefix + intersected with the union of these two sets: + - the set of entries with identical + vacmSecurityModel + - the set of entries with vacmSecurityModel + value of 'any' + intersected with the set of entries with + vacmAccessSecurityLevel value less than or equal + to the requested securityLevel + + 2) if this set has only one member, we're done + otherwise, it comes down to deciding how to weight + the preferences between ContextPrefixes, + SecurityModels, and SecurityLevels as follows: + a) if the subset of entries with securityModel + matching the securityModel in the message is + not empty, then discard the rest. + b) if the subset of entries with + vacmAccessContextPrefix matching the contextName + in the message is not empty, + then discard the rest + c) discard all entries with ContextPrefixes shorter + than the longest one remaining in the set + d) select the entry with the highest securityLevel + + Please note that for securityLevel noAuthNoPriv, all + groups are really equivalent since the assumption that + the securityName has been authenticated does not hold. + " + ::= { vacmMIBObjects 4 } + +vacmAccessEntry OBJECT-TYPE + SYNTAX VacmAccessEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "An access right configured in the Local Configuration + Datastore (LCD) authorizing access to an SNMP context. + + Entries in this table can use an instance value for + object vacmGroupName even if no entry in table + vacmAccessSecurityToGroupTable has a corresponding + value for object vacmGroupName. + " + INDEX { vacmGroupName, + vacmAccessContextPrefix, + vacmAccessSecurityModel, + vacmAccessSecurityLevel + } + ::= { vacmAccessTable 1 } + +VacmAccessEntry ::= SEQUENCE + { + vacmAccessContextPrefix SnmpAdminString, + vacmAccessSecurityModel SnmpSecurityModel, + vacmAccessSecurityLevel SnmpSecurityLevel, + vacmAccessContextMatch INTEGER, + vacmAccessReadViewName SnmpAdminString, + vacmAccessWriteViewName SnmpAdminString, + vacmAccessNotifyViewName SnmpAdminString, + vacmAccessStorageType StorageType, + vacmAccessStatus RowStatus + } + +vacmAccessContextPrefix OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(0..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "In order to gain the access rights allowed by this + conceptual row, a contextName must match exactly + (if the value of vacmAccessContextMatch is 'exact') + or partially (if the value of vacmAccessContextMatch + is 'prefix') to the value of the instance of this + object. + " + ::= { vacmAccessEntry 1 } + +vacmAccessSecurityModel OBJECT-TYPE + SYNTAX SnmpSecurityModel + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "In order to gain the access rights allowed by this + conceptual row, this securityModel must be in use. + " + ::= { vacmAccessEntry 2 } + +vacmAccessSecurityLevel OBJECT-TYPE + SYNTAX SnmpSecurityLevel + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The minimum level of security required in order to + gain the access rights allowed by this conceptual + row. A securityLevel of noAuthNoPriv is less than + authNoPriv which in turn is less than authPriv. + + If multiple entries are equally indexed except for + this vacmAccessSecurityLevel index, then the entry + which has the highest value for + vacmAccessSecurityLevel is selected. + " + ::= { vacmAccessEntry 3 } + +vacmAccessContextMatch OBJECT-TYPE + SYNTAX INTEGER + { exact (1), -- exact match of prefix and contextName + prefix (2) -- Only match to the prefix + } + MAX-ACCESS read-create + STATUS current + DESCRIPTION "If the value of this object is exact(1), then all + rows where the contextName exactly matches + vacmAccessContextPrefix are selected. + + If the value of this object is prefix(2), then all + rows where the contextName whose starting octets + exactly match vacmAccessContextPrefix are selected. + This allows for a simple form of wildcarding. + " + DEFVAL { exact } + ::= { vacmAccessEntry 4 } + +vacmAccessReadViewName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(0..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION "The value of an instance of this object identifies + the MIB view of the SNMP context to which this + conceptual row authorizes read access. + + The identified MIB view is that one for which the + vacmViewTreeFamilyViewName has the same value as the + instance of this object; if the value is the empty + string or if there is no active MIB view having this + value of vacmViewTreeFamilyViewName, then no access + is granted. + " + DEFVAL { ''H } -- the empty string + ::= { vacmAccessEntry 5 } + +vacmAccessWriteViewName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(0..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION "The value of an instance of this object identifies + the MIB view of the SNMP context to which this + conceptual row authorizes write access. + + The identified MIB view is that one for which the + vacmViewTreeFamilyViewName has the same value as the + instance of this object; if the value is the empty + string or if there is no active MIB view having this + value of vacmViewTreeFamilyViewName, then no access + is granted. + " + DEFVAL { ''H } -- the empty string + ::= { vacmAccessEntry 6 } + +vacmAccessNotifyViewName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(0..32)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION "The value of an instance of this object identifies + the MIB view of the SNMP context to which this + conceptual row authorizes access for notifications. + + The identified MIB view is that one for which the + vacmViewTreeFamilyViewName has the same value as the + instance of this object; if the value is the empty + string or if there is no active MIB view having this + value of vacmViewTreeFamilyViewName, then no access + is granted. + " + DEFVAL { ''H } -- the empty string + ::= { vacmAccessEntry 7 } + +vacmAccessStorageType OBJECT-TYPE + SYNTAX StorageType + MAX-ACCESS read-create + STATUS current + DESCRIPTION "The storage type for this conceptual row. + + Conceptual rows having the value 'permanent' need not + allow write-access to any columnar objects in the row. + " + DEFVAL { nonVolatile } + ::= { vacmAccessEntry 8 } + +vacmAccessStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION "The status of this conceptual row. + + The RowStatus TC [RFC2579] requires that this + DESCRIPTION clause states under which circumstances + other objects in this row can be modified: + + The value of this object has no effect on whether + other objects in this conceptual row can be modified. + " + ::= { vacmAccessEntry 9 } + +-- Information about MIB views *************************************** + +-- Support for instance-level granularity is optional. +-- +-- In some implementations, instance-level access control +-- granularity may come at a high performance cost. Managers +-- should avoid requesting such configurations unnecessarily. + +vacmMIBViews OBJECT IDENTIFIER ::= { vacmMIBObjects 5 } + +vacmViewSpinLock OBJECT-TYPE + SYNTAX TestAndIncr + MAX-ACCESS read-write + STATUS current + DESCRIPTION "An advisory lock used to allow cooperating SNMP + Command Generator applications to coordinate their + use of the Set operation in creating or modifying + views. + + When creating a new view or altering an existing + view, it is important to understand the potential + interactions with other uses of the view. The + vacmViewSpinLock should be retrieved. The name of + the view to be created should be determined to be + unique by the SNMP Command Generator application by + consulting the vacmViewTreeFamilyTable. Finally, + the named view may be created (Set), including the + advisory lock. + If another SNMP Command Generator application has + altered the views in the meantime, then the spin + lock's value will have changed, and so this creation + will fail because it will specify the wrong value for + the spin lock. + + Since this is an advisory lock, the use of this lock + is not enforced. + " + ::= { vacmMIBViews 1 } + +vacmViewTreeFamilyTable OBJECT-TYPE + SYNTAX SEQUENCE OF VacmViewTreeFamilyEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "Locally held information about families of subtrees + within MIB views. + + Each MIB view is defined by two sets of view subtrees: + - the included view subtrees, and + - the excluded view subtrees. + Every such view subtree, both the included and the + + excluded ones, is defined in this table. + + To determine if a particular object instance is in + a particular MIB view, compare the object instance's + OBJECT IDENTIFIER with each of the MIB view's active + entries in this table. If none match, then the + object instance is not in the MIB view. If one or + more match, then the object instance is included in, + or excluded from, the MIB view according to the + value of vacmViewTreeFamilyType in the entry whose + value of vacmViewTreeFamilySubtree has the most + sub-identifiers. If multiple entries match and have + the same number of sub-identifiers (when wildcarding + is specified with the value of vacmViewTreeFamilyMask), + then the lexicographically greatest instance of + vacmViewTreeFamilyType determines the inclusion or + exclusion. + + An object instance's OBJECT IDENTIFIER X matches an + active entry in this table when the number of + sub-identifiers in X is at least as many as in the + value of vacmViewTreeFamilySubtree for the entry, + and each sub-identifier in the value of + vacmViewTreeFamilySubtree matches its corresponding + sub-identifier in X. Two sub-identifiers match + either if the corresponding bit of the value of + vacmViewTreeFamilyMask for the entry is zero (the + 'wild card' value), or if they are equal. + + A 'family' of subtrees is the set of subtrees defined + by a particular combination of values of + vacmViewTreeFamilySubtree and vacmViewTreeFamilyMask. + + In the case where no 'wild card' is defined in the + vacmViewTreeFamilyMask, the family of subtrees reduces + to a single subtree. + + When creating or changing MIB views, an SNMP Command + Generator application should utilize the + vacmViewSpinLock to try to avoid collisions. See + DESCRIPTION clause of vacmViewSpinLock. + + When creating MIB views, it is strongly advised that + first the 'excluded' vacmViewTreeFamilyEntries are + created and then the 'included' entries. + + When deleting MIB views, it is strongly advised that + first the 'included' vacmViewTreeFamilyEntries are + + deleted and then the 'excluded' entries. + + If a create for an entry for instance-level access + control is received and the implementation does not + support instance-level granularity, then an + inconsistentName error must be returned. + " + ::= { vacmMIBViews 2 } + +vacmViewTreeFamilyEntry OBJECT-TYPE + SYNTAX VacmViewTreeFamilyEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "Information on a particular family of view subtrees + included in or excluded from a particular SNMP + context's MIB view. + + Implementations must not restrict the number of + families of view subtrees for a given MIB view, + except as dictated by resource constraints on the + overall number of entries in the + vacmViewTreeFamilyTable. + + If no conceptual rows exist in this table for a given + MIB view (viewName), that view may be thought of as + consisting of the empty set of view subtrees. + " + INDEX { vacmViewTreeFamilyViewName, + vacmViewTreeFamilySubtree + } + ::= { vacmViewTreeFamilyTable 1 } + +VacmViewTreeFamilyEntry ::= SEQUENCE + { + vacmViewTreeFamilyViewName SnmpAdminString, + vacmViewTreeFamilySubtree OBJECT IDENTIFIER, + vacmViewTreeFamilyMask OCTET STRING, + vacmViewTreeFamilyType INTEGER, + vacmViewTreeFamilyStorageType StorageType, + vacmViewTreeFamilyStatus RowStatus + } + +vacmViewTreeFamilyViewName OBJECT-TYPE + SYNTAX SnmpAdminString (SIZE(1..32)) + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The human readable name for a family of view subtrees. + " + ::= { vacmViewTreeFamilyEntry 1 } + +vacmViewTreeFamilySubtree OBJECT-TYPE + SYNTAX OBJECT IDENTIFIER + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "The MIB subtree which when combined with the + corresponding instance of vacmViewTreeFamilyMask + defines a family of view subtrees. + " + ::= { vacmViewTreeFamilyEntry 2 } + +vacmViewTreeFamilyMask OBJECT-TYPE + SYNTAX OCTET STRING (SIZE (0..16)) + MAX-ACCESS read-create + STATUS current + DESCRIPTION "The bit mask which, in combination with the + corresponding instance of vacmViewTreeFamilySubtree, + defines a family of view subtrees. + + Each bit of this bit mask corresponds to a + sub-identifier of vacmViewTreeFamilySubtree, with the + most significant bit of the i-th octet of this octet + string value (extended if necessary, see below) + corresponding to the (8*i - 7)-th sub-identifier, and + the least significant bit of the i-th octet of this + octet string corresponding to the (8*i)-th + sub-identifier, where i is in the range 1 through 16. + + Each bit of this bit mask specifies whether or not + the corresponding sub-identifiers must match when + determining if an OBJECT IDENTIFIER is in this + family of view subtrees; a '1' indicates that an + exact match must occur; a '0' indicates 'wild card', + i.e., any sub-identifier value matches. + + Thus, the OBJECT IDENTIFIER X of an object instance + is contained in a family of view subtrees if, for + each sub-identifier of the value of + vacmViewTreeFamilySubtree, either: + + the i-th bit of vacmViewTreeFamilyMask is 0, or + + the i-th sub-identifier of X is equal to the i-th + sub-identifier of the value of + vacmViewTreeFamilySubtree. + + If the value of this bit mask is M bits long and + + there are more than M sub-identifiers in the + corresponding instance of vacmViewTreeFamilySubtree, + then the bit mask is extended with 1's to be the + required length. + + Note that when the value of this object is the + zero-length string, this extension rule results in + a mask of all-1's being used (i.e., no 'wild card'), + and the family of view subtrees is the one view + subtree uniquely identified by the corresponding + instance of vacmViewTreeFamilySubtree. + + Note that masks of length greater than zero length + do not need to be supported. In this case this + object is made read-only. + " + DEFVAL { ''H } + ::= { vacmViewTreeFamilyEntry 3 } + +vacmViewTreeFamilyType OBJECT-TYPE + SYNTAX INTEGER { included(1), excluded(2) } + MAX-ACCESS read-create + STATUS current + DESCRIPTION "Indicates whether the corresponding instances of + vacmViewTreeFamilySubtree and vacmViewTreeFamilyMask + define a family of view subtrees which is included in + or excluded from the MIB view. + " + DEFVAL { included } + ::= { vacmViewTreeFamilyEntry 4 } + +vacmViewTreeFamilyStorageType OBJECT-TYPE + SYNTAX StorageType + MAX-ACCESS read-create + STATUS current + DESCRIPTION "The storage type for this conceptual row. + + Conceptual rows having the value 'permanent' need not + allow write-access to any columnar objects in the row. + " + DEFVAL { nonVolatile } + ::= { vacmViewTreeFamilyEntry 5 } + +vacmViewTreeFamilyStatus OBJECT-TYPE + SYNTAX RowStatus + MAX-ACCESS read-create + STATUS current + DESCRIPTION "The status of this conceptual row. + + The RowStatus TC [RFC2579] requires that this + DESCRIPTION clause states under which circumstances + other objects in this row can be modified: + + The value of this object has no effect on whether + other objects in this conceptual row can be modified. + " + ::= { vacmViewTreeFamilyEntry 6 } + +-- Conformance information ******************************************* + +vacmMIBCompliances OBJECT IDENTIFIER ::= { vacmMIBConformance 1 } +vacmMIBGroups OBJECT IDENTIFIER ::= { vacmMIBConformance 2 } + +-- Compliance statements ********************************************* + +vacmMIBCompliance MODULE-COMPLIANCE + STATUS current + DESCRIPTION "The compliance statement for SNMP engines which + implement the SNMP View-based Access Control Model + configuration MIB. + " + MODULE -- this module + MANDATORY-GROUPS { vacmBasicGroup } + + OBJECT vacmAccessContextMatch + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT vacmAccessReadViewName + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT vacmAccessWriteViewName + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT vacmAccessNotifyViewName + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT vacmAccessStorageType + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT vacmAccessStatus + MIN-ACCESS read-only + DESCRIPTION "Create/delete/modify access to the + + vacmAccessTable is not required. + " + + OBJECT vacmViewTreeFamilyMask + WRITE-SYNTAX OCTET STRING (SIZE (0)) + MIN-ACCESS read-only + DESCRIPTION "Support for configuration via SNMP of subtree + families using wild-cards is not required. + " + + OBJECT vacmViewTreeFamilyType + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT vacmViewTreeFamilyStorageType + MIN-ACCESS read-only + DESCRIPTION "Write access is not required." + + OBJECT vacmViewTreeFamilyStatus + MIN-ACCESS read-only + DESCRIPTION "Create/delete/modify access to the + vacmViewTreeFamilyTable is not required. + " + ::= { vacmMIBCompliances 1 } + +-- Units of conformance ********************************************** + +vacmBasicGroup OBJECT-GROUP + OBJECTS { + vacmContextName, + vacmGroupName, + vacmSecurityToGroupStorageType, + vacmSecurityToGroupStatus, + vacmAccessContextMatch, + vacmAccessReadViewName, + vacmAccessWriteViewName, + vacmAccessNotifyViewName, + vacmAccessStorageType, + vacmAccessStatus, + vacmViewSpinLock, + vacmViewTreeFamilyMask, + vacmViewTreeFamilyType, + vacmViewTreeFamilyStorageType, + vacmViewTreeFamilyStatus + } + STATUS current + DESCRIPTION "A collection of objects providing for remote + configuration of an SNMP engine which implements + + the SNMP View-based Access Control Model. + " + ::= { vacmMIBGroups 1 } + +END |