2.3. Access Control
Connected: An Internet Encyclopedia
RFC 1451
The Administrative Model for SNMPv2 document [4] includes an
access control model, which must not be subverted by allowing
access to management information variables via the Alarm
table. That is, access to a monitored variable via the Alarm
table must be controlled according to the identity of the
management station accessing the particular entry in the Alarm
table.

An entry in the Alarm table provides the means to configure
the sampling of the value of a MIB variable in the MIB view
associated with the specified context (which can refer to
object resources that are either local or remote). The
sampling is done by (conceptually or actually) issuing a
SNMPv2 request to retrieve the variable's value. This request
is authenticated and/or protected from disclosure according to
a source party and a destination party pair which has access
to the indicated context.

Thus, to provide the required access control, the initial MIB
view assigned, by convention, to parties on SNMPv2 entities
that implement the snmpAlarmTable, must include the component:

     viewSubtree = { snmpAlarm }
     viewStatus  = { excluded }
     viewMask    = { ''H }

Then, the MIB view associated with the context,
requestContext, accessible by a requesting management station,
can be configured to include specific Alarm table entries --
the ones associated with those contexts to which the
requesting management station has access.

In particular, to provide a requestContext with access to the
sampling context sampleContext, the following family of view
subtrees would be included for the requestContext on the
SNMPv2 entity acting in a dual role:

     { snmpAlarmEntry WILDCARD sampleContext }

Which would be configured in the party MIB [5] as:

     contextIdentity  = { requestContext }
     contextViewIndex = { ViewIndex }

     viewIndex        = { ViewIndex }
     viewSubtree      = { snmpAlarmEntry 0 sampleContext }
     viewStatus       = { included }
     viewMask         = { 'FFEF'H }  -- specifies wildcard for column
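
The view configured above can be checked with a small evaluator. This is an added example, not part of RFC 1451: it assumes the party MIB's family-matching rules (a zero mask bit is a wildcard, a short mask is padded with ones, and the matching family with the most sub-identifiers decides), the numeric OIDs shown, and constructed stand-ins for the context index sub-identifiers.

```python
# Added example, not from RFC 1451: evaluates the MIB view configured above.
# Assumptions: snmpAlarm = 1.3.6.1.6.3.2.1.1 and snmpAlarmEntry = snmpAlarm.2.1
# (11 sub-identifiers, so the column is number 12, the zero bit of 'FFEF'H).
SNMP_ALARM = (1, 3, 6, 1, 6, 3, 2, 1, 1)
SNMP_ALARM_ENTRY = SNMP_ALARM + (2, 1)
# Constructed stand-ins for the index sub-identifiers naming each context.
SAMPLE_CONTEXT = (1, 3, 6, 1, 4, 1, 99999, 1)
OTHER_CONTEXT = (1, 3, 6, 1, 4, 1, 99999, 2)


def mask_bit(mask, i):
    """Bit i of viewMask (0-based, most significant first); short masks pad with 1s."""
    if i // 8 >= len(mask):
        return 1
    return (mask[i // 8] >> (7 - i % 8)) & 1


def in_family(oid, subtree, mask):
    """True if oid belongs to the family of view subtrees (subtree, mask)."""
    if len(oid) < len(subtree):
        return False
    return all(mask_bit(mask, i) == 0 or oid[i] == sub
               for i, sub in enumerate(subtree))


def in_view(oid, view):
    """Longest matching viewSubtree decides (ties: lexicographically greatest)."""
    matches = [(len(s), s, status) for s, m, status in view if in_family(oid, s, m)]
    return bool(matches) and max(matches)[2] == "included"


# View for requestContext as (viewSubtree, viewMask, viewStatus) rows.
REQUEST_VIEW = [
    ((1, 3, 6, 1), b"", "included"),   # constructed: the rest of the view
    (SNMP_ALARM, b"", "excluded"),     # required initial component
    (SNMP_ALARM_ENTRY + (0,) + SAMPLE_CONTEXT, bytes.fromhex("FFEF"), "included"),
]


def alarm_instance(column, context, index):
    """OID of one Alarm table column instance (hypothetical helper)."""
    return SNMP_ALARM_ENTRY + (column,) + context + (index,)


if __name__ == "__main__":
    for ctx in (SAMPLE_CONTEXT, OTHER_CONTEXT):
        print(ctx, in_view(alarm_instance(3, ctx, 7), REQUEST_VIEW))
```

Only Alarm table entries indexed by sampleContext come back into view; entries for any other context, and the rest of the snmpAlarm subtree, stay excluded by the initial component.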