mirror of
https://github.com/hsnodgrass/snmp_mib_archive.git
synced 2025-04-17 16:03:04 +00:00
838 lines
29 KiB
Plaintext
838 lines
29 KiB
Plaintext
-- *********************************************************************
|
|
-- CISCO-COMMON-ROLES-EXT-MIB.my: Common Roles Extension Mib
|
|
--
|
|
-- February 2008, Mukul Chauhan
|
|
--
|
|
-- Copyright (c) 2003, 2008 by Cisco Systems Inc.
|
|
-- All rights reserved.
|
|
--
|
|
-- *********************************************************************
|
|
|
|
CISCO-COMMON-ROLES-EXT-MIB DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS
|
|
MODULE-IDENTITY,
|
|
OBJECT-TYPE,
|
|
Unsigned32,
|
|
Integer32
|
|
FROM SNMPv2-SMI
|
|
MODULE-COMPLIANCE,
|
|
OBJECT-GROUP
|
|
FROM SNMPv2-CONF
|
|
RowStatus,
|
|
TEXTUAL-CONVENTION,
|
|
TruthValue
|
|
FROM SNMPv2-TC
|
|
SnmpAdminString
|
|
FROM SNMP-FRAMEWORK-MIB
|
|
ccrmConfigurationExtGroup
|
|
FROM CISCO-COMMON-ROLES-MIB
|
|
ciscoMgmt
|
|
FROM CISCO-SMI;
|
|
|
|
|
|
ciscoCommonRolesExtMIB MODULE-IDENTITY
|
|
LAST-UPDATED "200802150000Z"
|
|
ORGANIZATION "Cisco Systems Inc."
|
|
CONTACT-INFO
|
|
"Cisco Systems
|
|
Customer Service
|
|
Postal: 170 W Tasman Drive
|
|
San Jose, CA 95134
|
|
USA
|
|
Tel: +1 800 553 -NETS
|
|
E-mail: cs-san@cisco.com"
|
|
DESCRIPTION
|
|
"A MIB Module for managing the roles that are common
|
|
between access methods like Command Line Interface (CLI),
|
|
SNMP and XML interface. This MIB is an extension to the
|
|
CISCO-COMMON-ROLES-MIB, which is for managing Common
|
|
Roles on a device with fixed feature.
|
|
|
|
Terminology:
|
|
|
|
Commands are the basic operations that can be performed
|
|
on a device. For example 'show aaa *', 'clear aaa *',
|
|
'config t; ip arp *'.
|
|
|
|
Commands can be organized into groups called
|
|
Features. Features can be organized into groups called
|
|
Feature Groups.
|
|
|
|
The constituents of a Feature (i.e. Commands) and the
|
|
constituents of a Feature Group (i.e. Features) are
|
|
collectively referred to as Feature Elements.
|
|
|
|
This MIB extends the CISCO-COMMON-ROLES-MIB by adding
|
|
the following.
|
|
|
|
Features can be organized into groups called feature groups.
|
|
Access privileges can be assigned to feature group(s)
|
|
associated with a Role.
|
|
|
|
The five access privileges (clear, config, debug, show &
|
|
exec) are replaced by two access privileges ('read' and
|
|
'readWrite'). These two privileges have no relation to the
|
|
replaced five privileges.
|
|
|
|
The types of objects to which access can be restricted
|
|
is extended to include VLANs and Interfaces.
|
|
|
|
A device implementing this MIB need not implement
|
|
CISCO-COMMON-ROLES-MIB."
|
|
REVISION "200802150000Z"
|
|
DESCRIPTION
|
|
"Initial version of this MIB module."
|
|
::= { ciscoMgmt 651 }
|
|
|
|
|
|
ciscoCommonRolesExtNotifications OBJECT IDENTIFIER
|
|
::= { ciscoCommonRolesExtMIB 0 }
|
|
|
|
ciscoCommonRolesExtMIBObjects OBJECT IDENTIFIER
|
|
::= { ciscoCommonRolesExtMIB 1 }
|
|
|
|
ciscoCommonRolesExtMIBConformance OBJECT IDENTIFIER
|
|
::= { ciscoCommonRolesExtMIB 2 }
|
|
|
|
ccreInfo OBJECT IDENTIFIER
|
|
::= { ciscoCommonRolesExtMIBObjects 1 }
|
|
|
|
ccreRoleConfig OBJECT IDENTIFIER
|
|
::= { ciscoCommonRolesExtMIBObjects 2 }
|
|
|
|
ccreRuleConfig OBJECT IDENTIFIER
|
|
::= { ciscoCommonRolesExtMIBObjects 3 }
|
|
|
|
|
|
-- Textual Conventions
|
|
|
|
CcreOperation ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Privileges allowed for a common role.
|
|
|
|
read - Read opeation
|
|
readWrite - Read-Write operation
|
|
|
|
Note that if a privilege is not supported by an access
|
|
method, then it does not apply to that access method.
|
|
|
|
There privileges are not related to the privileges
|
|
defined in 'CommonRoleOperation'"
|
|
SYNTAX INTEGER {
|
|
read(1),
|
|
readWrite(2)
|
|
}
|
|
|
|
CcreResourceAccess ::= TEXTUAL-CONVENTION
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A User can be restricted from accessing resources, in
|
|
addition to being restricted from performing certain
|
|
operations.
|
|
|
|
For e.g. a user assigned a role can be restricted from
|
|
accessing all VLANs configured on the device except VLAN
|
|
1 and 4, or a user can be allowed to access all VSANs
|
|
configured on the device except VSAN 5 and 10, or a User
|
|
can be allowed to access Interface 1, 5, 10, 15 and 20
|
|
and restricted from accessing all other interfaces.
|
|
|
|
This Bit mask lists the types of resources to which user
|
|
access can be controlled.
|
|
|
|
vsan(0)
|
|
Bit value of 0 indicates that the user has access
|
|
to no VSANs. However a user can be selectively
|
|
assigned access to VSANs and each such accessible
|
|
VSAN will have an entry in the 'ccreRoleScopeTable'.
|
|
Bit value of 1 indicates that the user has access
|
|
to all VSANs. In this case there are no VSAN entries
|
|
in the 'ccreRoleScopeTable'. Setting the bit to 1
|
|
results in deletion of all VSAN entries from the
|
|
ccreRoleScopeTable, for the role identified by
|
|
'ccreRoleName'.
|
|
|
|
vlan(1)
|
|
Bit value of 0 indicates that the user has access
|
|
to no VLANs. However a user can be selectively
|
|
assigned access to VLANs and each such accessible
|
|
VLAN will have an entry in the 'ccreRoleScopeTable'.
|
|
Bit value of 1 indicates that the user has access
|
|
to all VLANs. In this case there are no VLAN entries
|
|
in the 'ccreRoleScopeTable'. Setting the bit to 1
|
|
results in deletion of all VLAN entries from the
|
|
ccreRoleScopeTable, for the role identified by
|
|
'ccreRoleName'.
|
|
|
|
interface(2)
|
|
Bit value of 0 indicates that the user has access
|
|
to no interfaces. However a user can be selectively
|
|
assigned access to interfaces and each such accessible
|
|
interface will have an entry in the 'ccreRoleScopeTable'.
|
|
Bit value of 1 indicates that the user has access
|
|
to all interfaces. In this case there are no interface
|
|
entries in the 'ccreRoleScopeTable'. Setting the bit to 1
|
|
results in deletion of all interface entries from the
|
|
ccreRoleScopeTable, for the role identified by
|
|
'ccreRoleName'."
|
|
SYNTAX BITS {
|
|
vsan(0),
|
|
vlan(1),
|
|
interface(2)
|
|
}
|
|
-- ccreFeatureElementTable
|
|
|
|
ccreFeatureElementTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CcreFeatureElementEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table lists all the features and feature groups
|
|
configured on a device.
|
|
|
|
For each feature it lists all the command(s) contained
|
|
in the feature.
|
|
|
|
For each feature groups it lists all the features
|
|
contained in the group.
|
|
|
|
A feature element is either a feature or a feature
|
|
group.
|
|
|
|
A device may have some predefined features which may
|
|
not be editable by a user. In addition, a device may
|
|
allow a user to define new feature group.
|
|
|
|
A device implementing this MIB need not implement the
|
|
objects that form a conceptual row in the
|
|
'commonRolesFeatureTable' table defined in the
|
|
CISCO-COMMON-ROLES MIB.
|
|
|
|
The entries in this table are persistent across device
|
|
reboots."
|
|
::= { ccreInfo 1 }
|
|
|
|
ccreFeatureElementEntry OBJECT-TYPE
|
|
SYNTAX CcreFeatureElementEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry (conceptual row) in the ccreFeatureElementTable.
|
|
|
|
Each row in this table represents an element (command
|
|
or a feature) contained in a feature or a feature group.
|
|
|
|
For example a 'radius' feature that contains three
|
|
commands - 'radius-server', 'radius-cfs' and
|
|
'aaa group server radius', this table
|
|
will have three entries, one each for the three
|
|
commands.
|
|
|
|
ccreFeatureName ccreFeatureIndex ccreFeatureElementName
|
|
'radius' 1 'radius-server'
|
|
'radius' 2 'radius-cfs'
|
|
'radius' 3 'aaa group server radius'
|
|
'arp' 1 'show arp'
|
|
'arp' 2 'clear ip arp'"
|
|
INDEX {
|
|
ccreFeatureName,
|
|
ccreFeatureElementIndex
|
|
}
|
|
::= { ccreFeatureElementTable 1 }
|
|
|
|
CcreFeatureElementEntry ::= SEQUENCE {
|
|
ccreFeatureName SnmpAdminString,
|
|
ccreFeatureElementIndex Unsigned32,
|
|
ccreFeatureElementName SnmpAdminString,
|
|
ccreFeatureElementType INTEGER ,
|
|
ccreFeatureRowStatus RowStatus
|
|
}
|
|
|
|
ccreFeatureName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (1..32))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Identifies the feature or the feature group for which
|
|
this entry represents an element.
|
|
|
|
This object is the same as the commonRoleFeatureName."
|
|
::= { ccreFeatureElementEntry 1 }
|
|
|
|
ccreFeatureElementIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..4294967295 )
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index value for this element which uniquely
|
|
distinguishes it from all other elements of same
|
|
feature."
|
|
::= { ccreFeatureElementEntry 2 }
|
|
|
|
ccreFeatureElementName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (1..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Name of the feature element represented by this row."
|
|
::= { ccreFeatureElementEntry 3 }
|
|
|
|
ccreFeatureElementType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
command(1),
|
|
feature(2),
|
|
none(3)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An indication of the type of element represented by
|
|
this row.
|
|
|
|
When this field has the value 'command', this row
|
|
represents a command name.
|
|
|
|
When this field has the value 'feature', this row
|
|
represents a feature name.
|
|
|
|
This field must have the value 'none' when a
|
|
feature could not otherwise be represented in this
|
|
table because the feature does not yet have any
|
|
elements defined for it. When features are added to
|
|
an empty feature-group, the row with element type
|
|
'none' is still maintained in this table. Deleting this
|
|
row (with type as 'none') will delete the feature group
|
|
and all other rows representing relationship between
|
|
this feature group and its members.
|
|
|
|
A feature should have at least one element, whereas a
|
|
feature-group may have zero or more entries.
|
|
|
|
All entries in this table are persistent across device
|
|
reboots"
|
|
::= { ccreFeatureElementEntry 4 }
|
|
|
|
ccreFeatureRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Status of this row."
|
|
::= { ccreFeatureElementEntry 5 }
|
|
|
|
|
|
-- ccreRoleTable
|
|
|
|
ccreRoleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CcreRoleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table lists all the common roles configured on this
|
|
device. Common roles are the user roles which are common
|
|
across SNMP and CLI.
|
|
|
|
A device implementing this MIB need not implement the
|
|
objects that form a conceptual row in the
|
|
'commonRoleTable' defined in the CISCO-COMMON-ROLES MIB.
|
|
|
|
This table and the 'commonRoleTable' table both have
|
|
one entry per Role defined on the device. However unlike
|
|
the 'commonRoleTable', this table does not contain any
|
|
scope restriction information. The scope restriction
|
|
information instead is contained in the
|
|
'ccreRoleScopeTable' Table.
|
|
|
|
If a device implements this this table along with
|
|
'commonRoleTable' a row existing in
|
|
'commonRoleTable' should also exist in this table and
|
|
vice versa.
|
|
|
|
All entries in this table are persistent across device
|
|
reboots."
|
|
::= { ccreRoleConfig 2 }
|
|
|
|
ccreRoleEntry OBJECT-TYPE
|
|
SYNTAX CcreRoleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry (conceptual row) in the ccreRoleTable.
|
|
One entry per role defined on the device."
|
|
INDEX { ccreRoleName }
|
|
::= { ccreRoleTable 1 }
|
|
|
|
CcreRoleEntry ::= SEQUENCE {
|
|
ccreRoleName SnmpAdminString,
|
|
ccreRoleDescription SnmpAdminString,
|
|
ccreRoleResourceAccess CcreResourceAccess,
|
|
ccreRoleRowStatus RowStatus
|
|
}
|
|
|
|
ccreRoleName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (1..16))
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Name of the common role. This is same as
|
|
commonRoleName."
|
|
::= { ccreRoleEntry 1 }
|
|
|
|
ccreRoleDescription OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (0..64))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Description of the common role. This is same as
|
|
commonRoleDescription."
|
|
::= { ccreRoleEntry 2 }
|
|
|
|
ccreRoleResourceAccess OBJECT-TYPE
|
|
SYNTAX CcreResourceAccess
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Defines the default access to the resources to which
|
|
access can be controlled.
|
|
|
|
vsan(0)
|
|
Bit value of 0 indicates that the user has access
|
|
to no VSANs. However a user can be selectively
|
|
assigned access to VSANs and each such accessible
|
|
VSAN will have an entry in the 'ccreRoleScopeTable'.
|
|
Bit value of 1 indicates that the user has access
|
|
to all VSANs. In this case there are no VSAN entries
|
|
in the 'ccreRoleScopeTable'. Setting the bit to 1
|
|
results in deletion of all VSAN entries from the
|
|
ccreRoleScopeTable, for the role identified by
|
|
'ccreRoleName'.
|
|
|
|
vlan(1)
|
|
Bit value of 0 indicates that the user has access
|
|
to no VLANs. However a user can be selectively
|
|
assigned access to VLANs and each such accessible
|
|
VLAN will have an entry in the 'ccreRoleScopeTable'.
|
|
Bit value of 1 indicates that the user has access
|
|
to all VLANs. In this case there are no VLAN entries
|
|
in the 'ccreRoleScopeTable'. Setting the bit to 1
|
|
results in deletion of all VLAN entries from the
|
|
ccreRoleScopeTable, for the role identified by
|
|
'ccreRoleName'.
|
|
|
|
interface(2)
|
|
Bit value of 0 indicates that the user has access
|
|
to no Interfaces. However a user can be selectively
|
|
assigned access to interfaces and each such accessible
|
|
interface will have an entry in the 'ccreRoleScopeTable'.
|
|
Bit value of 1 indicates that the user has access
|
|
to all interfaces. In this case there are no interface
|
|
entries in the 'ccreRoleScopeTable'. Setting the bit to 1
|
|
results in deletion of all interface entries from the
|
|
ccreRoleScopeTable, for the role identified by
|
|
'ccreRoleName'.
|
|
|
|
For example a role which has access to all VSANs,
|
|
all VLANs and no Interface will have this field set
|
|
as
|
|
- - -
|
|
|0|1|1|
|
|
- - -"
|
|
::= { ccreRoleEntry 3 }
|
|
|
|
ccreRoleRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Status of this role."
|
|
::= { ccreRoleEntry 4 }
|
|
|
|
|
|
-- ccreRoleScopeTable
|
|
|
|
ccreRoleScopeTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CcreRoleScopeEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table lists the resources to which a user belonging
|
|
to a role can access.
|
|
|
|
A role may be restricted from accessing various
|
|
resources of a device. This table lists the resources
|
|
that a role can access.
|
|
|
|
If for a role there is no entry in this table, then
|
|
restriction, if any, is determined by the
|
|
ccrePermitAllPolicies object in the ccreRoleTable.
|
|
|
|
Each resource (VSAN, VLAN or Interface) to which a role
|
|
has access to, has a separate entry in the table.
|
|
For e.g. if a role has access to VLAN 1, 2, 6 and 7;
|
|
VSAN 2, 5 and 8 and interface 2/1 and 2/3, this table
|
|
will have 9 entries, 4 for VSANs, 3 for VLANs and 2 for
|
|
Interfaces.
|
|
|
|
Entries in this table can be created/deleted using
|
|
ccreRoleScopeRowStatus.
|
|
|
|
The table provides the same information as
|
|
'commonRoleScopeRestriction', 'commonRoleScope1' and
|
|
'commonRoleScope2' but in a different way.
|
|
|
|
The object 'commonRoleScope1' and 'commonRoleScope2'
|
|
are 256*8 bit mask with each bit representing a VLAN.
|
|
'commonRoleScope1' identifies VLANS 1 to 2048 whereas
|
|
'commonRoleScope2' identifies VLANS 2049 to 4096.
|
|
|
|
In this table, there is a separate entry for each VSAN,
|
|
along with separate entry for each VLAN and Interface
|
|
to which a role has access. The purpose of this table
|
|
is to remove the limit of 4096 that are supported by
|
|
'commonRoleTable'.
|
|
|
|
All entries in this table are persistent across device
|
|
reboots"
|
|
::= { ccreRoleConfig 3 }
|
|
|
|
ccreRoleScopeEntry OBJECT-TYPE
|
|
SYNTAX CcreRoleScopeEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry (conceptual row) in the ccreRoleScopeTable.
|
|
|
|
There is one entry for each different scope value of a
|
|
Role. If a Role 'R1' is defined to have scope on
|
|
VSAN-1, VSAN-2, VLAN-1, VLAN#, Interface fc1/1 and
|
|
fc1/2, then there will be six entries for role 'R1' in
|
|
this table, one each for VSAN-1, VSAN2, VLAN-1, VLAN-1,
|
|
fc1/1 and fc1/2."
|
|
INDEX {
|
|
ccreRoleName,
|
|
ccreRoleScopeIndex
|
|
}
|
|
::= { ccreRoleScopeTable 1 }
|
|
|
|
CcreRoleScopeEntry ::= SEQUENCE {
|
|
ccreRoleScopeIndex Unsigned32,
|
|
ccreRoleScopeRestriction INTEGER ,
|
|
ccreRoleScopeValue Integer32,
|
|
ccreRoleScopeRowStatus RowStatus
|
|
}
|
|
|
|
ccreRoleScopeIndex OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..4294967295 )
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An index value for this entry which uniquely
|
|
distinguishes it from all other entries for same
|
|
Role."
|
|
::= { ccreRoleScopeEntry 1 }
|
|
|
|
ccreRoleScopeRestriction OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
vsan(1),
|
|
vlan(2),
|
|
interface(3)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object indicates the type of the scope restriction
|
|
about which the information is provided by row."
|
|
::= { ccreRoleScopeEntry 2 }
|
|
|
|
ccreRoleScopeValue OBJECT-TYPE
|
|
SYNTAX Integer32 (1..2147483647 )
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object identifies the resource this role
|
|
can access.
|
|
|
|
If the value of 'ccreRoleScopeRestriction' is 'vsan'
|
|
or 'vlan', this object specifies the Id (which is
|
|
a number) of the VSAN/VLAN.
|
|
|
|
If the value of 'ccreRoleScopeRestriction' is
|
|
'interface', this object specifies the IfIndex
|
|
of the interface."
|
|
::= { ccreRoleScopeEntry 3 }
|
|
|
|
ccreRoleScopeRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Status of this scope restriction entry."
|
|
::= { ccreRoleScopeEntry 4 }
|
|
|
|
|
|
-- ccreRuleTable
|
|
|
|
ccreRuleTable OBJECT-TYPE
|
|
SYNTAX SEQUENCE OF CcreRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This table lists all the rules configured for roles
|
|
defined in the ccreRoleTable. Each rule defines the
|
|
access (permit/deny) allowed to a particular command,
|
|
feature or a feature group.
|
|
|
|
Entries in this table are also created/deleted using
|
|
ccreRuleRowStatus.
|
|
|
|
A row in this table cannot be made 'active' until a
|
|
value is explicitly provided for that row's instances
|
|
of following objects :
|
|
- ccreRuleOperation
|
|
|
|
If ccreRuleFeatureElementName is a command,
|
|
then
|
|
- ccreRuleOperation is not needed to be set
|
|
|
|
A device implementing this MIB need not implement the
|
|
objects that form a conceptual row in the
|
|
'commonRuleRoleTable' table, which is defined in the
|
|
CISCO-COMMON-ROLES-MIB.
|
|
|
|
There is no relation between the rows in
|
|
'commonRuleRoleTable' and this table as both define
|
|
different operation types. Each table can have rows
|
|
with no corresponding rows in other table.
|
|
|
|
All entries in this table are persistent across device
|
|
reboots"
|
|
::= { ccreRuleConfig 2 }
|
|
|
|
ccreRuleEntry OBJECT-TYPE
|
|
SYNTAX CcreRuleEntry
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"An entry (conceptual row) in the ccreRuleRuleTable.
|
|
|
|
There is one entry for each Rule contained in a Role.
|
|
For eg. if a Role 'R1' has 6 rules, there will be
|
|
six entries for Role 'R1'."
|
|
INDEX {
|
|
ccreRoleName,
|
|
ccreRuleNumber
|
|
}
|
|
::= { ccreRuleTable 1 }
|
|
|
|
CcreRuleEntry ::= SEQUENCE {
|
|
ccreRuleNumber Unsigned32,
|
|
ccreRuleFeatureElementName SnmpAdminString,
|
|
ccreRuleFeatureElementType INTEGER ,
|
|
ccreRuleOperation CcreOperation,
|
|
ccreRuleOperationPermitted TruthValue,
|
|
ccreRuleRowStatus RowStatus
|
|
}
|
|
|
|
ccreRuleNumber OBJECT-TYPE
|
|
SYNTAX Unsigned32 (1..256)
|
|
MAX-ACCESS not-accessible
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A unique index for a rule in a particular role.
|
|
The rule are applied according to their rule
|
|
number, i.e. Rule 1 will be the first rule applied
|
|
followed by Rule 2 and so on.
|
|
|
|
Rule numbers need not be contiguous, for e.g. a Role
|
|
can have three rule numbered 1, 4 & 7. Further when
|
|
a new rule is added to this Role it can be rule number
|
|
2 or 5 or 9 (any number other than 1, 4 and 7)."
|
|
::= { ccreRuleEntry 1 }
|
|
|
|
ccreRuleFeatureElementName OBJECT-TYPE
|
|
SYNTAX SnmpAdminString (SIZE (0..32))
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Name of the command or feature or feature group.
|
|
If this is a zero-length string, then this rule applies
|
|
to all the features supported on the device as
|
|
enumerated in commonRoleFeatureTable."
|
|
DEFVAL { ''H }
|
|
::= { ccreRuleEntry 2 }
|
|
|
|
ccreRuleFeatureElementType OBJECT-TYPE
|
|
SYNTAX INTEGER {
|
|
command(1),
|
|
feature(2),
|
|
featureGroup(3),
|
|
all(4)
|
|
}
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Specifies the type of entry (command or feature or
|
|
feature group) as specified by the object
|
|
ccreRuleFeatureElementName"
|
|
::= { ccreRuleEntry 3 }
|
|
|
|
ccreRuleOperation OBJECT-TYPE
|
|
SYNTAX CcreOperation
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The operation for this rule."
|
|
::= { ccreRuleEntry 4 }
|
|
|
|
ccreRuleOperationPermitted OBJECT-TYPE
|
|
SYNTAX TruthValue
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"This object tells if the operation
|
|
`ccreRuleOperation' is permitted or denied.
|
|
The operation is permitted if
|
|
the value of this object is `true'.
|
|
If the value of the object is 'false', the operation is
|
|
not permitted."
|
|
DEFVAL { true }
|
|
::= { ccreRuleEntry 5 }
|
|
|
|
ccreRuleRowStatus OBJECT-TYPE
|
|
SYNTAX RowStatus
|
|
MAX-ACCESS read-create
|
|
STATUS current
|
|
DESCRIPTION
|
|
"Status of this rule."
|
|
::= { ccreRuleEntry 6 }
|
|
|
|
|
|
-- Conformance
|
|
|
|
ccreMIBCompliances OBJECT IDENTIFIER
|
|
::= { ciscoCommonRolesExtMIBConformance 1 }
|
|
|
|
ccreMIBGroups OBJECT IDENTIFIER
|
|
::= { ciscoCommonRolesExtMIBConformance 2 }
|
|
|
|
|
|
ccreMIBCompliance MODULE-COMPLIANCE
|
|
STATUS current
|
|
DESCRIPTION
|
|
"The compliance statement for entities which
|
|
implement the CISCO-COMMON-ROLES-EXT-MIB."
|
|
MODULE -- this module
|
|
MANDATORY-GROUPS { ccreConfigurationGroup }
|
|
|
|
OBJECT ccreFeatureElementName
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Support for write/create access is not required."
|
|
|
|
OBJECT ccreFeatureElementType
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Support for write/create access is not required."
|
|
|
|
OBJECT ccreFeatureRowStatus
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Support for write/create access is not required."
|
|
|
|
OBJECT ccreRoleDescription
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Support for write/create access is not required."
|
|
|
|
OBJECT ccreRoleResourceAccess
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Support for write/create access is not required."
|
|
|
|
OBJECT ccreRoleRowStatus
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Support for write/create access is not required."
|
|
|
|
OBJECT ccreRoleScopeRestriction
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Support for write/create access is not required."
|
|
|
|
OBJECT ccreRoleScopeValue
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Support for write/create access is not required."
|
|
|
|
OBJECT ccreRoleScopeRowStatus
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Support for write/create access is not required."
|
|
|
|
OBJECT ccreRuleFeatureElementName
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Support for write/create access is not required."
|
|
|
|
OBJECT ccreRuleFeatureElementType
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Support for write/create access is not required."
|
|
|
|
OBJECT ccreRuleOperation
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Support for write/create access is not required."
|
|
|
|
OBJECT ccreRuleOperationPermitted
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Support for write/create access is not required."
|
|
|
|
OBJECT ccreRuleRowStatus
|
|
MIN-ACCESS read-only
|
|
DESCRIPTION
|
|
"Support for write/create access is not required."
|
|
|
|
MODULE CISCO-COMMON-ROLES-MIB
|
|
MANDATORY-GROUPS { ccrmConfigurationExtGroup }
|
|
|
|
OBJECT commonRoleSupportedOperation
|
|
SYNTAX BITS {
|
|
read(5),
|
|
readWrite(6)
|
|
}
|
|
DESCRIPTION
|
|
"Only 'read', 'readWrite' need to be supported."
|
|
::= { ccreMIBCompliances 1 }
|
|
|
|
-- Units of Conformance
|
|
|
|
ccreConfigurationGroup OBJECT-GROUP
|
|
OBJECTS {
|
|
ccreFeatureElementName,
|
|
ccreFeatureElementType,
|
|
ccreFeatureRowStatus,
|
|
ccreRoleDescription,
|
|
ccreRoleResourceAccess,
|
|
ccreRoleRowStatus,
|
|
ccreRoleScopeRestriction,
|
|
ccreRoleScopeValue,
|
|
ccreRoleScopeRowStatus,
|
|
ccreRuleFeatureElementName,
|
|
ccreRuleFeatureElementType,
|
|
ccreRuleOperation,
|
|
ccreRuleOperationPermitted,
|
|
ccreRuleRowStatus
|
|
}
|
|
STATUS current
|
|
DESCRIPTION
|
|
"A collection of objects for Common Roles
|
|
Extention configuration."
|
|
::= { ccreMIBGroups 1 }
|
|
|
|
END
|
|
|