MIB module for managing the common roles between
access methods like Command Line Interface (CLI), SNMP
and XML interfaces.
Every user on a device is associated with a role.
A user role defines access rights afforded to the users
that belog to this role. A role specifies which
commands/operations a user is able to perform on what
information.
SNMP uses VACM (View-based Access Control Model) group
to define access rights. Both SNMPv1/v2c community and
SNMPv3 user have to belong to a group in order to access
information.
CLI uses proprietary mechanisms to define the access
rights. Most of them depend on the underlying operating
system.
Groups created from SNMP are not same as the roles
created from CLI unless they are synchronized. In
addition to this, views make up the roles in VACM where
was some kind of internal rules make the roles in the
CLI. This MIB describes a framework in which a role
defined independent of access methods. It is up to the
the particular access method to convert this
framework information into the native information. For
example, SNMP needs to convert common role framework to
VACM.
Note that this framework could be also used for any
other access methods other than SNMP and CLI.
The framework needs a list of features and list of
operations they can support. Features provide the data
context and are system dependent. Operations are the
actions that can be done on the data. The role are
defined in terms of rules. Rules are essentially access
rights which specify if a certain operation on a feature
is permitted or not.
An extension to this MIB module has been defined in 
CISCO-COMMON-ROLES-EXT-MIB to provide support for a 
framework which has compound features, i.e., features 
defined as group of other features, and also to 
provide another option for how a user's access can 
be restricted.