Vacm

From Net-SNMP Wiki
Revision as of 15:46, 19 December 2006 by Rstory (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Restricting access to a particular index (row) in a Table

Using the view directive in snmpd.conf, one can limit users to a single row in a table. To do this , the optional mask parameter is specified. Here is an excerpt from the man page: 

      view NAME TYPE SUBTREE [MASK]
             The defines the named view. TYPE is either included
             or  excluded.   MASK is a list of hex octets, sepa-
             rated by '.' or ':'.  The MASK defaults to "ff"  if
             not specified.

             The  reason  for the mask is, that it allows you to
             control access to one row in a table,  in  a  rela-
             tively  simple  way.  As  an example, as an ISP you
             might consider giving each customer access  to  his
             or her own interface:

             view cust1 included interfaces.ifTable.ifEntry.ifIndex.1 ff.a0
             view cust2 included interfaces.ifTable.ifEntry.ifIndex.2 ff.a0

             (interfaces.ifTable.ifEntry.ifIndex.1 == .1.3.6.1.2.1.2.2.1.1.1,
             ff.a0 == 11111111.10100000. which nicely covers up and including
             the row index, but lets the user vary the field of the row)
Retrieved from "http://www.net-snmp.org/wiki/index.php?title=Vacm&oldid=1930"