CISCO-COMMON-ROLES-EXT-MIB Table View

This table lists all the features and feature groups
configured on a device.
          
For each feature it lists all the command(s) contained
in the feature.
          
For each feature groups it lists all the features
contained in the group.
          
A feature element is either a feature or a feature
group.
          
A device may have some predefined features which may
not be editable by a user. In addition, a device may
allow a user to define new feature group.
          
A device implementing this MIB need not implement the
objects that form a conceptual row in the
'commonRolesFeatureTable' table defined in the
CISCO-COMMON-ROLES MIB.
          
The entries in this table are persistent across device
reboots.

This table lists all the common roles configured on this
device. Common roles are the user roles which are common
across SNMP and CLI.
          
A device implementing this MIB need not implement the
objects that form a conceptual row in the
'commonRoleTable' defined in the CISCO-COMMON-ROLES MIB.
          
This table and the 'commonRoleTable' table both have
one entry per Role defined on the device. However unlike
the 'commonRoleTable', this table does not contain any
scope restriction information. The scope restriction
information instead is contained in the
'ccreRoleScopeTable' Table.
          
If a device implements this this table along with
'commonRoleTable' a row existing in
'commonRoleTable' should also exist in this table and
vice versa.
          
All entries in this table are persistent across device
reboots.

This table lists the resources to which a user belonging
to a role can access. 
          
A role may be restricted from accessing various
resources of a device. This table lists the resources
that a role can access.
          
If for a role there is no entry in this table, then
restriction, if any, is determined by the
ccrePermitAllPolicies object in the ccreRoleTable.
          
Each resource (VSAN, VLAN or Interface) to which a role
has access to, has a separate entry in the table.
For e.g. if a role has access to VLAN 1, 2, 6 and 7;
VSAN 2, 5 and 8 and interface 2/1 and 2/3, this table
will have 9 entries, 4 for VSANs, 3 for VLANs and 2 for
Interfaces.
          
Entries in this table can be created/deleted using
ccreRoleScopeRowStatus.
          
The table provides the same information as
'commonRoleScopeRestriction', 'commonRoleScope1' and
'commonRoleScope2' but in a different way.
          
The object 'commonRoleScope1' and 'commonRoleScope2'
are 256*8 bit mask with each bit representing a VLAN.
'commonRoleScope1' identifies VLANS 1 to 2048 whereas
'commonRoleScope2' identifies VLANS 2049 to 4096.
          
In this table, there is a separate entry for each VSAN,
along with separate entry for each VLAN and Interface
to which a role has access. The purpose of this table
is to remove the limit of 4096 that are supported by
'commonRoleTable'.
          
All entries in this table are persistent across device
reboots

This table lists all the rules configured for roles
defined in the ccreRoleTable. Each rule defines the
access (permit/deny) allowed to a particular command,
feature or a feature group.
          
Entries in this table are also created/deleted using
ccreRuleRowStatus.
          
A row in this table cannot be made 'active' until a
value is explicitly provided for that row's instances
of following objects :
- ccreRuleOperation
          
If ccreRuleFeatureElementName is a command,
then
- ccreRuleOperation is not needed to be set
          
A device implementing this MIB need not implement the
objects that form a conceptual row in the
'commonRuleRoleTable' table, which is defined in the
CISCO-COMMON-ROLES-MIB.
          
There is no relation between the rows in
'commonRuleRoleTable' and this table as both define
different operation types. Each table can have rows
with no corresponding rows in other table.
          
All entries in this table are persistent across device
reboots