MIB module for managing the common roles between access methods like Command Line Interface (CLI), SNMP and XML interfaces. Every user on a device is associated with a role. A user role defines access rights afforded to the users that belog to this role. A role specifies which commands/operations a user is able to perform on what information. SNMP uses VACM (View-based Access Control Model) group to define access rights. Both SNMPv1/v2c community and SNMPv3 user have to belong to a group in order to access information. CLI uses proprietary mechanisms to define the access rights. Most of them depend on the underlying operating system. Groups created from SNMP are not same as the roles created from CLI unless they are synchronized. In addition to this, views make up the roles in VACM where was some kind of internal rules make the roles in the CLI. This MIB describes a framework in which a role defined independent of access methods. It is up to the the particular access method to convert this framework information into the native information. For example, SNMP needs to convert common role framework to VACM. Note that this framework could be also used for any other access methods other than SNMP and CLI. The framework needs a list of features and list of operations they can support. Features provide the data context and are system dependent. Operations are the actions that can be done on the data. The role are defined in terms of rules. Rules are essentially access rights which specify if a certain operation on a feature is permitted or not.
Cisco Systems Customer Service Postal: 170 W Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553 -NETS E-mail: cs-san@cisco.com
Revisions
2003-09-15 00:00
Added DEFVAL to commonRoleRuleFeatureName. Also, removed
commonRoleRuleFeatureName from mandatory object list while
creating row in the commonRoleRuleTable.