summaryrefslogtreecommitdiff
path: root/mibs/SNMP-VIEW-BASED-ACM-MIB.txt
diff options
context:
space:
mode:
Diffstat (limited to 'mibs/SNMP-VIEW-BASED-ACM-MIB.txt')
-rw-r--r--mibs/SNMP-VIEW-BASED-ACM-MIB.txt830
1 files changed, 830 insertions, 0 deletions
diff --git a/mibs/SNMP-VIEW-BASED-ACM-MIB.txt b/mibs/SNMP-VIEW-BASED-ACM-MIB.txt
new file mode 100644
index 0000000..7244ad0
--- /dev/null
+++ b/mibs/SNMP-VIEW-BASED-ACM-MIB.txt
@@ -0,0 +1,830 @@
+SNMP-VIEW-BASED-ACM-MIB DEFINITIONS ::= BEGIN
+
+IMPORTS
+ MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF
+ MODULE-IDENTITY, OBJECT-TYPE,
+ snmpModules FROM SNMPv2-SMI
+ TestAndIncr,
+ RowStatus, StorageType FROM SNMPv2-TC
+ SnmpAdminString,
+ SnmpSecurityLevel,
+ SnmpSecurityModel FROM SNMP-FRAMEWORK-MIB;
+
+snmpVacmMIB MODULE-IDENTITY
+ LAST-UPDATED "200210160000Z" -- 16 Oct 2002, midnight
+ ORGANIZATION "SNMPv3 Working Group"
+ CONTACT-INFO "WG-email: snmpv3@lists.tislabs.com
+ Subscribe: majordomo@lists.tislabs.com
+ In message body: subscribe snmpv3
+
+ Co-Chair: Russ Mundy
+ Network Associates Laboratories
+ postal: 15204 Omega Drive, Suite 300
+ Rockville, MD 20850-4601
+ USA
+ email: mundy@tislabs.com
+ phone: +1 301-947-7107
+
+ Co-Chair: David Harrington
+ Enterasys Networks
+ Postal: 35 Industrial Way
+ P. O. Box 5004
+ Rochester, New Hampshire 03866-5005
+ USA
+ EMail: dbh@enterasys.com
+ Phone: +1 603-337-2614
+
+ Co-editor: Bert Wijnen
+ Lucent Technologies
+ postal: Schagen 33
+ 3461 GL Linschoten
+ Netherlands
+ email: bwijnen@lucent.com
+ phone: +31-348-480-685
+
+ Co-editor: Randy Presuhn
+ BMC Software, Inc.
+
+ postal: 2141 North First Street
+ San Jose, CA 95131
+ USA
+ email: randy_presuhn@bmc.com
+ phone: +1 408-546-1006
+
+ Co-editor: Keith McCloghrie
+ Cisco Systems, Inc.
+ postal: 170 West Tasman Drive
+ San Jose, CA 95134-1706
+ USA
+ email: kzm@cisco.com
+ phone: +1-408-526-5260
+ "
+ DESCRIPTION "The management information definitions for the
+ View-based Access Control Model for SNMP.
+
+ Copyright (C) The Internet Society (2002). This
+ version of this MIB module is part of RFC 3415;
+ see the RFC itself for full legal notices.
+ "
+-- Revision history
+
+ REVISION "200210160000Z" -- 16 Oct 2002, midnight
+ DESCRIPTION "Clarifications, published as RFC3415"
+
+ REVISION "199901200000Z" -- 20 Jan 1999, midnight
+ DESCRIPTION "Clarifications, published as RFC2575"
+
+ REVISION "199711200000Z" -- 20 Nov 1997, midnight
+ DESCRIPTION "Initial version, published as RFC2275"
+ ::= { snmpModules 16 }
+
+-- Administrative assignments ****************************************
+
+vacmMIBObjects OBJECT IDENTIFIER ::= { snmpVacmMIB 1 }
+vacmMIBConformance OBJECT IDENTIFIER ::= { snmpVacmMIB 2 }
+
+-- Information about Local Contexts **********************************
+
+vacmContextTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF VacmContextEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "The table of locally available contexts.
+
+ This table provides information to SNMP Command
+
+ Generator applications so that they can properly
+ configure the vacmAccessTable to control access to
+ all contexts at the SNMP entity.
+
+ This table may change dynamically if the SNMP entity
+ allows that contexts are added/deleted dynamically
+ (for instance when its configuration changes). Such
+ changes would happen only if the management
+ instrumentation at that SNMP entity recognizes more
+ (or fewer) contexts.
+
+ The presence of entries in this table and of entries
+ in the vacmAccessTable are independent. That is, a
+ context identified by an entry in this table is not
+ necessarily referenced by any entries in the
+ vacmAccessTable; and the context(s) referenced by an
+ entry in the vacmAccessTable does not necessarily
+ currently exist and thus need not be identified by an
+ entry in this table.
+
+ This table must be made accessible via the default
+ context so that Command Responder applications have
+ a standard way of retrieving the information.
+
+ This table is read-only. It cannot be configured via
+ SNMP.
+ "
+ ::= { vacmMIBObjects 1 }
+
+vacmContextEntry OBJECT-TYPE
+ SYNTAX VacmContextEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "Information about a particular context."
+ INDEX {
+ vacmContextName
+ }
+ ::= { vacmContextTable 1 }
+
+VacmContextEntry ::= SEQUENCE
+ {
+ vacmContextName SnmpAdminString
+ }
+
+vacmContextName OBJECT-TYPE
+ SYNTAX SnmpAdminString (SIZE(0..32))
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION "A human readable name identifying a particular
+ context at a particular SNMP entity.
+
+ The empty contextName (zero length) represents the
+ default context.
+ "
+ ::= { vacmContextEntry 1 }
+
+-- Information about Groups ******************************************
+
+vacmSecurityToGroupTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF VacmSecurityToGroupEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "This table maps a combination of securityModel and
+ securityName into a groupName which is used to define
+ an access control policy for a group of principals.
+ "
+ ::= { vacmMIBObjects 2 }
+
+vacmSecurityToGroupEntry OBJECT-TYPE
+ SYNTAX VacmSecurityToGroupEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "An entry in this table maps the combination of a
+ securityModel and securityName into a groupName.
+ "
+ INDEX {
+ vacmSecurityModel,
+ vacmSecurityName
+ }
+ ::= { vacmSecurityToGroupTable 1 }
+
+VacmSecurityToGroupEntry ::= SEQUENCE
+ {
+ vacmSecurityModel SnmpSecurityModel,
+ vacmSecurityName SnmpAdminString,
+ vacmGroupName SnmpAdminString,
+ vacmSecurityToGroupStorageType StorageType,
+ vacmSecurityToGroupStatus RowStatus
+ }
+
+vacmSecurityModel OBJECT-TYPE
+ SYNTAX SnmpSecurityModel(1..2147483647)
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "The Security Model, by which the vacmSecurityName
+ referenced by this entry is provided.
+
+ Note, this object may not take the 'any' (0) value.
+ "
+ ::= { vacmSecurityToGroupEntry 1 }
+
+vacmSecurityName OBJECT-TYPE
+ SYNTAX SnmpAdminString (SIZE(1..32))
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "The securityName for the principal, represented in a
+ Security Model independent format, which is mapped by
+ this entry to a groupName.
+ "
+ ::= { vacmSecurityToGroupEntry 2 }
+
+vacmGroupName OBJECT-TYPE
+ SYNTAX SnmpAdminString (SIZE(1..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION "The name of the group to which this entry (e.g., the
+ combination of securityModel and securityName)
+ belongs.
+
+ This groupName is used as index into the
+ vacmAccessTable to select an access control policy.
+ However, a value in this table does not imply that an
+ instance with the value exists in table vacmAccesTable.
+ "
+ ::= { vacmSecurityToGroupEntry 3 }
+
+vacmSecurityToGroupStorageType OBJECT-TYPE
+ SYNTAX StorageType
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION "The storage type for this conceptual row.
+ Conceptual rows having the value 'permanent' need not
+ allow write-access to any columnar objects in the row.
+ "
+ DEFVAL { nonVolatile }
+ ::= { vacmSecurityToGroupEntry 4 }
+
+vacmSecurityToGroupStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION "The status of this conceptual row.
+
+ Until instances of all corresponding columns are
+ appropriately configured, the value of the
+
+ corresponding instance of the vacmSecurityToGroupStatus
+ column is 'notReady'.
+
+ In particular, a newly created row cannot be made
+ active until a value has been set for vacmGroupName.
+
+ The RowStatus TC [RFC2579] requires that this
+ DESCRIPTION clause states under which circumstances
+ other objects in this row can be modified:
+
+ The value of this object has no effect on whether
+ other objects in this conceptual row can be modified.
+ "
+ ::= { vacmSecurityToGroupEntry 5 }
+
+-- Information about Access Rights ***********************************
+
+vacmAccessTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF VacmAccessEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "The table of access rights for groups.
+
+ Each entry is indexed by a groupName, a contextPrefix,
+ a securityModel and a securityLevel. To determine
+ whether access is allowed, one entry from this table
+ needs to be selected and the proper viewName from that
+ entry must be used for access control checking.
+
+ To select the proper entry, follow these steps:
+
+ 1) the set of possible matches is formed by the
+ intersection of the following sets of entries:
+
+ the set of entries with identical vacmGroupName
+ the union of these two sets:
+ - the set with identical vacmAccessContextPrefix
+ - the set of entries with vacmAccessContextMatch
+ value of 'prefix' and matching
+ vacmAccessContextPrefix
+ intersected with the union of these two sets:
+ - the set of entries with identical
+ vacmSecurityModel
+ - the set of entries with vacmSecurityModel
+ value of 'any'
+ intersected with the set of entries with
+ vacmAccessSecurityLevel value less than or equal
+ to the requested securityLevel
+
+ 2) if this set has only one member, we're done
+ otherwise, it comes down to deciding how to weight
+ the preferences between ContextPrefixes,
+ SecurityModels, and SecurityLevels as follows:
+ a) if the subset of entries with securityModel
+ matching the securityModel in the message is
+ not empty, then discard the rest.
+ b) if the subset of entries with
+ vacmAccessContextPrefix matching the contextName
+ in the message is not empty,
+ then discard the rest
+ c) discard all entries with ContextPrefixes shorter
+ than the longest one remaining in the set
+ d) select the entry with the highest securityLevel
+
+ Please note that for securityLevel noAuthNoPriv, all
+ groups are really equivalent since the assumption that
+ the securityName has been authenticated does not hold.
+ "
+ ::= { vacmMIBObjects 4 }
+
+vacmAccessEntry OBJECT-TYPE
+ SYNTAX VacmAccessEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "An access right configured in the Local Configuration
+ Datastore (LCD) authorizing access to an SNMP context.
+
+ Entries in this table can use an instance value for
+ object vacmGroupName even if no entry in table
+ vacmAccessSecurityToGroupTable has a corresponding
+ value for object vacmGroupName.
+ "
+ INDEX { vacmGroupName,
+ vacmAccessContextPrefix,
+ vacmAccessSecurityModel,
+ vacmAccessSecurityLevel
+ }
+ ::= { vacmAccessTable 1 }
+
+VacmAccessEntry ::= SEQUENCE
+ {
+ vacmAccessContextPrefix SnmpAdminString,
+ vacmAccessSecurityModel SnmpSecurityModel,
+ vacmAccessSecurityLevel SnmpSecurityLevel,
+ vacmAccessContextMatch INTEGER,
+ vacmAccessReadViewName SnmpAdminString,
+ vacmAccessWriteViewName SnmpAdminString,
+ vacmAccessNotifyViewName SnmpAdminString,
+ vacmAccessStorageType StorageType,
+ vacmAccessStatus RowStatus
+ }
+
+vacmAccessContextPrefix OBJECT-TYPE
+ SYNTAX SnmpAdminString (SIZE(0..32))
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "In order to gain the access rights allowed by this
+ conceptual row, a contextName must match exactly
+ (if the value of vacmAccessContextMatch is 'exact')
+ or partially (if the value of vacmAccessContextMatch
+ is 'prefix') to the value of the instance of this
+ object.
+ "
+ ::= { vacmAccessEntry 1 }
+
+vacmAccessSecurityModel OBJECT-TYPE
+ SYNTAX SnmpSecurityModel
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "In order to gain the access rights allowed by this
+ conceptual row, this securityModel must be in use.
+ "
+ ::= { vacmAccessEntry 2 }
+
+vacmAccessSecurityLevel OBJECT-TYPE
+ SYNTAX SnmpSecurityLevel
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "The minimum level of security required in order to
+ gain the access rights allowed by this conceptual
+ row. A securityLevel of noAuthNoPriv is less than
+ authNoPriv which in turn is less than authPriv.
+
+ If multiple entries are equally indexed except for
+ this vacmAccessSecurityLevel index, then the entry
+ which has the highest value for
+ vacmAccessSecurityLevel is selected.
+ "
+ ::= { vacmAccessEntry 3 }
+
+vacmAccessContextMatch OBJECT-TYPE
+ SYNTAX INTEGER
+ { exact (1), -- exact match of prefix and contextName
+ prefix (2) -- Only match to the prefix
+ }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION "If the value of this object is exact(1), then all
+ rows where the contextName exactly matches
+ vacmAccessContextPrefix are selected.
+
+ If the value of this object is prefix(2), then all
+ rows where the contextName whose starting octets
+ exactly match vacmAccessContextPrefix are selected.
+ This allows for a simple form of wildcarding.
+ "
+ DEFVAL { exact }
+ ::= { vacmAccessEntry 4 }
+
+vacmAccessReadViewName OBJECT-TYPE
+ SYNTAX SnmpAdminString (SIZE(0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION "The value of an instance of this object identifies
+ the MIB view of the SNMP context to which this
+ conceptual row authorizes read access.
+
+ The identified MIB view is that one for which the
+ vacmViewTreeFamilyViewName has the same value as the
+ instance of this object; if the value is the empty
+ string or if there is no active MIB view having this
+ value of vacmViewTreeFamilyViewName, then no access
+ is granted.
+ "
+ DEFVAL { ''H } -- the empty string
+ ::= { vacmAccessEntry 5 }
+
+vacmAccessWriteViewName OBJECT-TYPE
+ SYNTAX SnmpAdminString (SIZE(0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION "The value of an instance of this object identifies
+ the MIB view of the SNMP context to which this
+ conceptual row authorizes write access.
+
+ The identified MIB view is that one for which the
+ vacmViewTreeFamilyViewName has the same value as the
+ instance of this object; if the value is the empty
+ string or if there is no active MIB view having this
+ value of vacmViewTreeFamilyViewName, then no access
+ is granted.
+ "
+ DEFVAL { ''H } -- the empty string
+ ::= { vacmAccessEntry 6 }
+
+vacmAccessNotifyViewName OBJECT-TYPE
+ SYNTAX SnmpAdminString (SIZE(0..32))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION "The value of an instance of this object identifies
+ the MIB view of the SNMP context to which this
+ conceptual row authorizes access for notifications.
+
+ The identified MIB view is that one for which the
+ vacmViewTreeFamilyViewName has the same value as the
+ instance of this object; if the value is the empty
+ string or if there is no active MIB view having this
+ value of vacmViewTreeFamilyViewName, then no access
+ is granted.
+ "
+ DEFVAL { ''H } -- the empty string
+ ::= { vacmAccessEntry 7 }
+
+vacmAccessStorageType OBJECT-TYPE
+ SYNTAX StorageType
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION "The storage type for this conceptual row.
+
+ Conceptual rows having the value 'permanent' need not
+ allow write-access to any columnar objects in the row.
+ "
+ DEFVAL { nonVolatile }
+ ::= { vacmAccessEntry 8 }
+
+vacmAccessStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION "The status of this conceptual row.
+
+ The RowStatus TC [RFC2579] requires that this
+ DESCRIPTION clause states under which circumstances
+ other objects in this row can be modified:
+
+ The value of this object has no effect on whether
+ other objects in this conceptual row can be modified.
+ "
+ ::= { vacmAccessEntry 9 }
+
+-- Information about MIB views ***************************************
+
+-- Support for instance-level granularity is optional.
+--
+-- In some implementations, instance-level access control
+-- granularity may come at a high performance cost. Managers
+-- should avoid requesting such configurations unnecessarily.
+
+vacmMIBViews OBJECT IDENTIFIER ::= { vacmMIBObjects 5 }
+
+vacmViewSpinLock OBJECT-TYPE
+ SYNTAX TestAndIncr
+ MAX-ACCESS read-write
+ STATUS current
+ DESCRIPTION "An advisory lock used to allow cooperating SNMP
+ Command Generator applications to coordinate their
+ use of the Set operation in creating or modifying
+ views.
+
+ When creating a new view or altering an existing
+ view, it is important to understand the potential
+ interactions with other uses of the view. The
+ vacmViewSpinLock should be retrieved. The name of
+ the view to be created should be determined to be
+ unique by the SNMP Command Generator application by
+ consulting the vacmViewTreeFamilyTable. Finally,
+ the named view may be created (Set), including the
+ advisory lock.
+ If another SNMP Command Generator application has
+ altered the views in the meantime, then the spin
+ lock's value will have changed, and so this creation
+ will fail because it will specify the wrong value for
+ the spin lock.
+
+ Since this is an advisory lock, the use of this lock
+ is not enforced.
+ "
+ ::= { vacmMIBViews 1 }
+
+vacmViewTreeFamilyTable OBJECT-TYPE
+ SYNTAX SEQUENCE OF VacmViewTreeFamilyEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "Locally held information about families of subtrees
+ within MIB views.
+
+ Each MIB view is defined by two sets of view subtrees:
+ - the included view subtrees, and
+ - the excluded view subtrees.
+ Every such view subtree, both the included and the
+
+ excluded ones, is defined in this table.
+
+ To determine if a particular object instance is in
+ a particular MIB view, compare the object instance's
+ OBJECT IDENTIFIER with each of the MIB view's active
+ entries in this table. If none match, then the
+ object instance is not in the MIB view. If one or
+ more match, then the object instance is included in,
+ or excluded from, the MIB view according to the
+ value of vacmViewTreeFamilyType in the entry whose
+ value of vacmViewTreeFamilySubtree has the most
+ sub-identifiers. If multiple entries match and have
+ the same number of sub-identifiers (when wildcarding
+ is specified with the value of vacmViewTreeFamilyMask),
+ then the lexicographically greatest instance of
+ vacmViewTreeFamilyType determines the inclusion or
+ exclusion.
+
+ An object instance's OBJECT IDENTIFIER X matches an
+ active entry in this table when the number of
+ sub-identifiers in X is at least as many as in the
+ value of vacmViewTreeFamilySubtree for the entry,
+ and each sub-identifier in the value of
+ vacmViewTreeFamilySubtree matches its corresponding
+ sub-identifier in X. Two sub-identifiers match
+ either if the corresponding bit of the value of
+ vacmViewTreeFamilyMask for the entry is zero (the
+ 'wild card' value), or if they are equal.
+
+ A 'family' of subtrees is the set of subtrees defined
+ by a particular combination of values of
+ vacmViewTreeFamilySubtree and vacmViewTreeFamilyMask.
+
+ In the case where no 'wild card' is defined in the
+ vacmViewTreeFamilyMask, the family of subtrees reduces
+ to a single subtree.
+
+ When creating or changing MIB views, an SNMP Command
+ Generator application should utilize the
+ vacmViewSpinLock to try to avoid collisions. See
+ DESCRIPTION clause of vacmViewSpinLock.
+
+ When creating MIB views, it is strongly advised that
+ first the 'excluded' vacmViewTreeFamilyEntries are
+ created and then the 'included' entries.
+
+ When deleting MIB views, it is strongly advised that
+ first the 'included' vacmViewTreeFamilyEntries are
+
+ deleted and then the 'excluded' entries.
+
+ If a create for an entry for instance-level access
+ control is received and the implementation does not
+ support instance-level granularity, then an
+ inconsistentName error must be returned.
+ "
+ ::= { vacmMIBViews 2 }
+
+vacmViewTreeFamilyEntry OBJECT-TYPE
+ SYNTAX VacmViewTreeFamilyEntry
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "Information on a particular family of view subtrees
+ included in or excluded from a particular SNMP
+ context's MIB view.
+
+ Implementations must not restrict the number of
+ families of view subtrees for a given MIB view,
+ except as dictated by resource constraints on the
+ overall number of entries in the
+ vacmViewTreeFamilyTable.
+
+ If no conceptual rows exist in this table for a given
+ MIB view (viewName), that view may be thought of as
+ consisting of the empty set of view subtrees.
+ "
+ INDEX { vacmViewTreeFamilyViewName,
+ vacmViewTreeFamilySubtree
+ }
+ ::= { vacmViewTreeFamilyTable 1 }
+
+VacmViewTreeFamilyEntry ::= SEQUENCE
+ {
+ vacmViewTreeFamilyViewName SnmpAdminString,
+ vacmViewTreeFamilySubtree OBJECT IDENTIFIER,
+ vacmViewTreeFamilyMask OCTET STRING,
+ vacmViewTreeFamilyType INTEGER,
+ vacmViewTreeFamilyStorageType StorageType,
+ vacmViewTreeFamilyStatus RowStatus
+ }
+
+vacmViewTreeFamilyViewName OBJECT-TYPE
+ SYNTAX SnmpAdminString (SIZE(1..32))
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "The human readable name for a family of view subtrees.
+ "
+ ::= { vacmViewTreeFamilyEntry 1 }
+
+vacmViewTreeFamilySubtree OBJECT-TYPE
+ SYNTAX OBJECT IDENTIFIER
+ MAX-ACCESS not-accessible
+ STATUS current
+ DESCRIPTION "The MIB subtree which when combined with the
+ corresponding instance of vacmViewTreeFamilyMask
+ defines a family of view subtrees.
+ "
+ ::= { vacmViewTreeFamilyEntry 2 }
+
+vacmViewTreeFamilyMask OBJECT-TYPE
+ SYNTAX OCTET STRING (SIZE (0..16))
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION "The bit mask which, in combination with the
+ corresponding instance of vacmViewTreeFamilySubtree,
+ defines a family of view subtrees.
+
+ Each bit of this bit mask corresponds to a
+ sub-identifier of vacmViewTreeFamilySubtree, with the
+ most significant bit of the i-th octet of this octet
+ string value (extended if necessary, see below)
+ corresponding to the (8*i - 7)-th sub-identifier, and
+ the least significant bit of the i-th octet of this
+ octet string corresponding to the (8*i)-th
+ sub-identifier, where i is in the range 1 through 16.
+
+ Each bit of this bit mask specifies whether or not
+ the corresponding sub-identifiers must match when
+ determining if an OBJECT IDENTIFIER is in this
+ family of view subtrees; a '1' indicates that an
+ exact match must occur; a '0' indicates 'wild card',
+ i.e., any sub-identifier value matches.
+
+ Thus, the OBJECT IDENTIFIER X of an object instance
+ is contained in a family of view subtrees if, for
+ each sub-identifier of the value of
+ vacmViewTreeFamilySubtree, either:
+
+ the i-th bit of vacmViewTreeFamilyMask is 0, or
+
+ the i-th sub-identifier of X is equal to the i-th
+ sub-identifier of the value of
+ vacmViewTreeFamilySubtree.
+
+ If the value of this bit mask is M bits long and
+
+ there are more than M sub-identifiers in the
+ corresponding instance of vacmViewTreeFamilySubtree,
+ then the bit mask is extended with 1's to be the
+ required length.
+
+ Note that when the value of this object is the
+ zero-length string, this extension rule results in
+ a mask of all-1's being used (i.e., no 'wild card'),
+ and the family of view subtrees is the one view
+ subtree uniquely identified by the corresponding
+ instance of vacmViewTreeFamilySubtree.
+
+ Note that masks of length greater than zero length
+ do not need to be supported. In this case this
+ object is made read-only.
+ "
+ DEFVAL { ''H }
+ ::= { vacmViewTreeFamilyEntry 3 }
+
+vacmViewTreeFamilyType OBJECT-TYPE
+ SYNTAX INTEGER { included(1), excluded(2) }
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION "Indicates whether the corresponding instances of
+ vacmViewTreeFamilySubtree and vacmViewTreeFamilyMask
+ define a family of view subtrees which is included in
+ or excluded from the MIB view.
+ "
+ DEFVAL { included }
+ ::= { vacmViewTreeFamilyEntry 4 }
+
+vacmViewTreeFamilyStorageType OBJECT-TYPE
+ SYNTAX StorageType
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION "The storage type for this conceptual row.
+
+ Conceptual rows having the value 'permanent' need not
+ allow write-access to any columnar objects in the row.
+ "
+ DEFVAL { nonVolatile }
+ ::= { vacmViewTreeFamilyEntry 5 }
+
+vacmViewTreeFamilyStatus OBJECT-TYPE
+ SYNTAX RowStatus
+ MAX-ACCESS read-create
+ STATUS current
+ DESCRIPTION "The status of this conceptual row.
+
+ The RowStatus TC [RFC2579] requires that this
+ DESCRIPTION clause states under which circumstances
+ other objects in this row can be modified:
+
+ The value of this object has no effect on whether
+ other objects in this conceptual row can be modified.
+ "
+ ::= { vacmViewTreeFamilyEntry 6 }
+
+-- Conformance information *******************************************
+
+vacmMIBCompliances OBJECT IDENTIFIER ::= { vacmMIBConformance 1 }
+vacmMIBGroups OBJECT IDENTIFIER ::= { vacmMIBConformance 2 }
+
+-- Compliance statements *********************************************
+
+vacmMIBCompliance MODULE-COMPLIANCE
+ STATUS current
+ DESCRIPTION "The compliance statement for SNMP engines which
+ implement the SNMP View-based Access Control Model
+ configuration MIB.
+ "
+ MODULE -- this module
+ MANDATORY-GROUPS { vacmBasicGroup }
+
+ OBJECT vacmAccessContextMatch
+ MIN-ACCESS read-only
+ DESCRIPTION "Write access is not required."
+
+ OBJECT vacmAccessReadViewName
+ MIN-ACCESS read-only
+ DESCRIPTION "Write access is not required."
+
+ OBJECT vacmAccessWriteViewName
+ MIN-ACCESS read-only
+ DESCRIPTION "Write access is not required."
+
+ OBJECT vacmAccessNotifyViewName
+ MIN-ACCESS read-only
+ DESCRIPTION "Write access is not required."
+
+ OBJECT vacmAccessStorageType
+ MIN-ACCESS read-only
+ DESCRIPTION "Write access is not required."
+
+ OBJECT vacmAccessStatus
+ MIN-ACCESS read-only
+ DESCRIPTION "Create/delete/modify access to the
+
+ vacmAccessTable is not required.
+ "
+
+ OBJECT vacmViewTreeFamilyMask
+ WRITE-SYNTAX OCTET STRING (SIZE (0))
+ MIN-ACCESS read-only
+ DESCRIPTION "Support for configuration via SNMP of subtree
+ families using wild-cards is not required.
+ "
+
+ OBJECT vacmViewTreeFamilyType
+ MIN-ACCESS read-only
+ DESCRIPTION "Write access is not required."
+
+ OBJECT vacmViewTreeFamilyStorageType
+ MIN-ACCESS read-only
+ DESCRIPTION "Write access is not required."
+
+ OBJECT vacmViewTreeFamilyStatus
+ MIN-ACCESS read-only
+ DESCRIPTION "Create/delete/modify access to the
+ vacmViewTreeFamilyTable is not required.
+ "
+ ::= { vacmMIBCompliances 1 }
+
+-- Units of conformance **********************************************
+
+vacmBasicGroup OBJECT-GROUP
+ OBJECTS {
+ vacmContextName,
+ vacmGroupName,
+ vacmSecurityToGroupStorageType,
+ vacmSecurityToGroupStatus,
+ vacmAccessContextMatch,
+ vacmAccessReadViewName,
+ vacmAccessWriteViewName,
+ vacmAccessNotifyViewName,
+ vacmAccessStorageType,
+ vacmAccessStatus,
+ vacmViewSpinLock,
+ vacmViewTreeFamilyMask,
+ vacmViewTreeFamilyType,
+ vacmViewTreeFamilyStorageType,
+ vacmViewTreeFamilyStatus
+ }
+ STATUS current
+ DESCRIPTION "A collection of objects providing for remote
+ configuration of an SNMP engine which implements
+
+ the SNMP View-based Access Control Model.
+ "
+ ::= { vacmMIBGroups 1 }
+
+END