submodule ietf-snmp-vacm {
belongs-to ietf-snmp {
prefix snmp;
}
include ietf-snmp-common;
organization
"IETF NETMOD (NETCONF Data Modeling Language) Working Group";
contact
"WG Web:
WG List:
WG Chair: Thomas Nadeau
WG Chair: Juergen Schoenwaelder
Editor: Martin Bjorklund
Editor: Juergen Schoenwaelder
";
description
"This submodule contains a collection of YANG definitions
for configuring the View-based Access Control Model (VACM)
of SNMP.
Copyright (c) 2014 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC 7407; see
the RFC itself for full legal notices.";
reference
"RFC 3415: View-based Access Control Model (VACM) for the
Simple Network Management Protocol (SNMP)";
revision 2014-12-10 {
description
"Initial revision.";
reference
"RFC 7407: A YANG Data Model for SNMP Configuration";
}
typedef view-name {
type snmp:identifier;
description
"The view-name type represents an SNMP VACM view name.";
}
typedef group-name {
type snmp:identifier;
description
"The group-name type represents an SNMP VACM group name.";
}
augment /snmp:snmp {
container vacm {
description
"Configuration of the View-based Access Control Model.";
list group {
key name;
description
"VACM groups.
This data model has a different structure than the MIB.
Groups are explicitly defined in this list, and group
members are defined in the 'member' list (mapped to
vacmSecurityToGroupTable), and access for the group is
defined in the 'access' list (mapped to
vacmAccessTable).";
reference
"RFC 3415: View-based Access Control Model (VACM) for the
Simple Network Management Protocol (SNMP).
SNMP-VIEW-BASED-ACM-MIB.vacmSecurityToGroupTable
SNMP-VIEW-BASED-ACM-MIB.vacmAccessTable";
leaf name {
type group-name;
description
"The name of this VACM group.";
reference
"RFC 3415: View-based Access Control Model (VACM) for the
Simple Network Management Protocol (SNMP).
SNMP-VIEW-BASED-ACM-MIB.vacmGroupName";
}
list member {
key "security-name";
description
"A member of this VACM group.
A specific combination of security-name and
security-model MUST NOT be present in more than
one group.";
reference
"RFC 3415: View-based Access Control Model (VACM) for the
Simple Network Management Protocol (SNMP).
SNMP-VIEW-BASED-ACM-MIB.vacmSecurityToGroupTable";
leaf security-name {
type snmp:security-name;
description
"The securityName of a group member.";
reference
"RFC 3415: View-based Access Control Model (VACM) for
the Simple Network Management Protocol (SNMP).
SNMP-VIEW-BASED-ACM-MIB.vacmSecurityName";
}
leaf-list security-model {
type snmp:security-model;
min-elements 1;
description
"The security models under which this security-name
is a member of this group.";
reference
"RFC 3415: View-based Access Control Model (VACM) for
the Simple Network Management Protocol (SNMP).
SNMP-VIEW-BASED-ACM-MIB.vacmSecurityModel";
}
}
list access {
key "context security-model security-level";
description
"Definition of access right for groups.";
reference
"RFC 3415: View-based Access Control Model (VACM) for
the Simple Network Management Protocol (SNMP).
SNMP-VIEW-BASED-ACM-MIB.vacmAccessTable";
leaf context {
type snmp:context-name;
description
"The context (prefix) under which the access rights
apply.";
reference
"RFC 3415: View-based Access Control Model (VACM) for
the Simple Network Management Protocol (SNMP).
SNMP-VIEW-BASED-ACM-MIB.vacmAccessContextPrefix";
}
leaf context-match {
type enumeration {
enum exact { value 1; }
enum prefix { value 2; }
}
default exact;
reference
"RFC 3415: View-based Access Control Model (VACM) for
the Simple Network Management Protocol (SNMP).
SNMP-VIEW-BASED-ACM-MIB.vacmAccessContextMatch";
}
leaf security-model {
type snmp:security-model-or-any;
description
"The security model under which the access rights
apply.";
reference
"RFC 3415: View-based Access Control Model (VACM) for
the Simple Network Management Protocol (SNMP).
SNMP-VIEW-BASED-ACM-MIB.vacmAccessSecurityModel";
}
leaf security-level {
type snmp:security-level;
description
"The minimum security level under which the access
rights apply.";
reference
"RFC 3415: View-based Access Control Model (VACM) for
the Simple Network Management Protocol (SNMP).
SNMP-VIEW-BASED-ACM-MIB.vacmAccessSecurityLevel";
}
leaf read-view {
type view-name;
description
"The name of the MIB view of the SNMP context
authorizing read access. If this leaf does not
exist in a configuration, it maps to a zero-length
vacmAccessReadViewName.
Implementations MAY restrict the values of this
leaf to be one of the available values of
/snmp/vacm/view/name in a valid configuration.";
reference
"RFC 3415: View-based Access Control Model (VACM) for
the Simple Network Management Protocol (SNMP).
SNMP-VIEW-BASED-ACM-MIB.vacmAccessReadViewName";
}
leaf write-view {
type view-name;
description
"The name of the MIB view of the SNMP context
authorizing write access. If this leaf does not
exist in a configuration, it maps to a zero-length
vacmAccessWriteViewName.
Implementations MAY restrict the values of this
leaf to be one of the available values of
/snmp/vacm/view/name in a valid configuration.";
reference
"RFC 3415: View-based Access Control Model (VACM) for
the Simple Network Management Protocol (SNMP).
SNMP-VIEW-BASED-ACM-MIB.vacmAccessWriteViewName";
}
leaf notify-view {
type view-name;
description
"The name of the MIB view of the SNMP context
authorizing notify access. If this leaf does not
exist in a configuration, it maps to a zero-length
vacmAccessNotifyViewName.
Implementations MAY restrict the values of this
leaf to be one of the available values of
/snmp/vacm/view/name in a valid configuration.";
reference
"RFC 3415: View-based Access Control Model (VACM) for
the Simple Network Management Protocol (SNMP).
SNMP-VIEW-BASED-ACM-MIB.vacmAccessNotifyViewName";
}
}
}
list view {
key name;
description
"Definition of MIB views.";
reference
"RFC 3415: View-based Access Control Model (VACM) for
the Simple Network Management Protocol (SNMP).
SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilyTable";
leaf name {
type view-name;
description
"The name of this VACM MIB view.";
reference
"RFC 3415: View-based Access Control Model (VACM) for
the Simple Network Management Protocol (SNMP).
SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilyName";
}
leaf-list include {
type snmp:wildcard-object-identifier;
description
"A family of subtrees included in this MIB view.";
reference
"RFC 3415: View-based Access Control Model (VACM) for
the Simple Network Management Protocol (SNMP).
SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilySubtree
SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilyMask
SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilyType";
}
leaf-list exclude {
type snmp:wildcard-object-identifier;
description
"A family of subtrees excluded from this MIB view.";
reference
"RFC 3415: View-based Access Control Model (VACM) for
the Simple Network Management Protocol (SNMP).
SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilySubtree
SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilyMask
SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilyType";
}
}
}
}
}