blank.gif (43 bytes)

Church Of The
Swimming Elephant

2.3. Access Control Connected: An Internet Encyclopedia
2.3. Access Control

Up: Connected: An Internet Encyclopedia
Up: Requests For Comments
Up: RFC 1451
Up: 2. Overview
Prev: 2.2. Alarms, Events, and Notifications
Next: 3. Definitions

2.3. Access Control

2.3. Access Control

The Administrative Model for SNMPv2 document [4] includes an access control model, which must not be subverted by allowing access to management information variables via the Alarm table. That is, access to a monitored variable via the Alarm table must be controlled according to the identity of the management station accessing the particular entry in the Alarm table.

An entry in the Alarm table provides the means to configure the sampling of the value of a MIB variable in the MIB view associated with the specified context (which can refer to object resources that are either local or remote). The sampling is done by (conceptually or actually) issuing a SNMPv2 request to retrieve the variable's value. This request is authenticated and/or protected from disclosure according to a source party and a destination party pair which has access to the indicated context.

Thus, to provide the required access control, the initial MIB view assigned, by convention, to parties on SNMPv2 entities that implement the snmpAlarmTable, must include the component:

     viewSubtree  = { snmpAlarm }
     viewStatus   = { excluded }
     viewMask     = { ''H }

Then, the MIB view associated with the context, requestContext, accessible by a requesting management station, can be configured to include specific Alarm table entries -- the ones associated with those contexts to which the requesting management station has access.

In particular, to provide a requestContext with access to the sampling context sampleContext, the following family of view subtrees would be included for the requestContext on the SNMPv2 entity acting in a dual role:

        { snmpAlarmEntry WILDCARD sampleContext }

Which would be configured in the party MIB [5] as:

     contextIdentity   = { requestContext }
     contextViewIndex  = { ViewIndex }
     viewIndex         = { ViewIndex }
     viewSubtree       = { snmpAlarmEntry 0 sampleContext }
     viewStatus        = { included }
     viewMask          = { 'FFEF'H } -- specifies wildcard for column

Next: 3. Definitions

Connected: An Internet Encyclopedia
2.3. Access Control


Protect yourself from cyberstalkers, identity thieves, and those who would snoop on you.
Stop spam from invading your inbox without losing the mail you want. We give you more control over your e-mail than any other service.
Block popups, ads, and malicious scripts while you surf the net through our anonymous proxies.
Participate in Usenet, host your web files, easily send anonymous messages, and more, much more.
All private, all encrypted, all secure, all in an easy to use service, and all for only $5.95 a month!

Service Details

Have you gone to church today?
All pages ©1999, 2000, 2001, 2002, 2003 Church of the Swimming Elephant unless otherwise stated
Church of the Swimming Elephant©1999, 2000, 2001, 2002, 2003 is a wholly owned subsidiary of Packetderm, LLC.

Packetderm, LLC
210 Park Ave #308
Worcester, MA 01609