Description | To facilitate the provisioning of access control by a
security administrator using the View-Based Access
Control Model (RFC 2575, VACM) for tables in which
multiple users may need to create or
modify entries independently, the initial index is used as
an 'owner index'. Such an initial index has a syntax of
SnmpAdminString and can thus be trivially mapped to a
securityName or groupName defined in VACM, in
accordance with a security policy.
When used in conjunction with such a security policy all
entries in the table belonging to a particular user (or
group) will have the same value for this initial index.
For a given user's entries in a particular table, the
object identifiers for the information in these entries
will have the same subidentifiers (except for the
'column' subidentifier) up to the end of the encoded
owner index. To configure VACM to permit access to this
portion of the table, one would create
vacmViewTreeFamilyTable entries with the value of
vacmViewTreeFamilySubtree including the owner index
portion, and vacmViewTreeFamilyMask 'wildcarding' the
column subidentifier. More elaborate configurations
are possible. |
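
An added example (not part of the MIB text) of the configuration the description outlines: it builds the vacmViewTreeFamilySubtree and vacmViewTreeFamilyMask for one owner and checks instance OIDs against them using the VACM family-matching rule. The entry OID, the second index (`name`) and the helper names are assumptions made for illustration; the owner index is assumed to be a non-IMPLIED, length-prefixed string index.

```python
# Added example. ENTRY is a hypothetical table-entry OID, not taken from the page.
ENTRY = (1, 3, 6, 1, 4, 1, 99999, 1, 1, 1)

def owner_view(entry, owner):
    """Return (vacmViewTreeFamilySubtree, vacmViewTreeFamilyMask) for one owner."""
    octets = owner.encode("utf-8")
    # Non-IMPLIED string index: a length sub-id, then one sub-id per octet.
    # The column sub-id is a placeholder (0) because the mask wildcards it.
    subtree = tuple(entry) + (0, len(octets)) + tuple(octets)
    if len(subtree) > 128:
        raise ValueError("OID exceeds 128 sub-identifiers")
    column_pos = len(entry)                  # 0-based position of the column
    nbits = -(-(column_pos + 1) // 8) * 8    # round up to whole octets
    bits = [1] * nbits                       # 1 = must match exactly
    bits[column_pos] = 0                     # 0 = wildcard (any column)
    mask = bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, nbits, 8))
    return subtree, mask

def in_view(instance, subtree, mask):
    """VACM family match: a mask shorter than the subtree is extended with 1s."""
    if len(instance) < len(subtree):
        return False
    for i, sub in enumerate(subtree):
        byte, bit = divmod(i, 8)
        exact = byte >= len(mask) or bool(mask[byte] & (0x80 >> bit))
        if exact and instance[i] != sub:
            return False
    return True

def row(entry, column, owner, name):
    """Instance OID of a constructed row indexed by (owner, name)."""
    o, n = owner.encode("utf-8"), name.encode("utf-8")
    return tuple(entry) + (column, len(o)) + tuple(o) + (len(n),) + tuple(n)

if __name__ == "__main__":
    subtree, mask = owner_view(ENTRY, "bob")
    print(".".join(map(str, subtree)), mask.hex(":"))
    for owner in ("bob", "bobby", "eve"):
        print(owner, in_view(row(ENTRY, 5, owner, "t1"), subtree, mask))
```

Because the owner string is length-prefixed in the OID, a view built for `bob` does not also cover rows owned by `bobby`.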