vacmAccessTable
SNMP-VIEW-BASED-ACM-MIB ·
.1.3.6.1.6.3.16.1.4
Object
table
The table of access rights for groups.
Each entry is indexed by a groupName, a contextPrefix,
a securityModel and a securityLevel. To determine
whether access is allowed, one entry from this table
needs to be selected and the proper viewName from that
entry must be used for access control checking.
To select the proper entry, follow these steps:
1) the set of possible matches is formed by the
intersection of the following sets of entries:
the set of entries with identical vacmGroupName
the union of these two sets:
- the set with identical vacmAccessContextPrefix
- the set of entries with vacmAccessContextMatch
value of 'prefix' and matching
vacmAccessContextPrefix
intersected with the union of these two sets:
- the set of entries with identical
vacmSecurityModel
- the set of entries with vacmSecurityModel
value of 'any'
intersected with the set of entries with
vacmAccessSecurityLevel value less than or equal
to the requested securityLevel
2) if this set has only one member, we're done
otherwise, it comes down to deciding how to weight
the preferences between ContextPrefixes,
SecurityModels, and SecurityLevels as follows:
a) if the subset of entries with securityModel
matching the securityModel in the message is
not empty, then discard the rest.
b) if the subset of entries with
vacmAccessContextPrefix matching the contextName
in the message is not empty,
then discard the rest
c) discard all entries with ContextPrefixes shorter
than the longest one remaining in the set
d) select the entry with the highest securityLevel
Please note that for securityLevel noAuthNoPriv, all
groups are really equivalent since the assumption that
the securityName has been authenticated does not hold.
Context
- MIB
- SNMP-VIEW-BASED-ACM-MIB
- OID
.1.3.6.1.6.3.16.1.4- Type
- table
- Status
- current
- Parent
- vacmMIBObjects
- Siblings
- 3
- Children
- 1
Syntax
No syntax metadata recorded.
Values & Constraints
No enumerated values or constraints recorded.
Related Objects
Sibling Objects
| Object | Type | Syntax | OID |
|---|---|---|---|
| vacmContextTable The table of locally available contexts.
This table provides information to SNMP Command
Generator applications so that they can properly
configure the vacmA… | table | - | .1.3.6.1.6.3.16.1.1 |
| vacmSecurityToGroupTable This table maps a combination of securityModel and
securityName into a groupName which is used to define
an access control policy for a group of principals. | table | - | .1.3.6.1.6.3.16.1.2 |
| vacmMIBViews | node | - | .1.3.6.1.6.3.16.1.5 |
Child Objects
| Object | Type | Syntax | OID |
|---|---|---|---|
| vacmAccessEntry An access right configured in the Local Configuration
Datastore (LCD) authorizing access to an SNMP context.
Entries in this table can use an instance value for
objec… | row | - | .1.3.6.1.6.3.16.1.4.1 |