Connected: An Internet Encyclopedia
2.13. SNMPv2 Access Control Policy
RFC 1445
A SNMPv2 access control policy is a specification of a local
access policy in terms of a SNMPv2 context and the management
communication classes which are authorized between a pair of
SNMPv2 parties. Architecturally, such a specification
comprises four parts:
- the targets of SNMPv2 access control - the SNMPv2 parties
that may perform management operations as requested by
management communications received from other parties,
- the subjects of SNMPv2 access control - the SNMPv2
parties that may request, by sending management
communications to other parties, that management
operations be performed,
- the managed object resources of SNMPv2 access control -
the SNMPv2 contexts which identify the management
information on which requested management operations are
to be performed, and
- the policy that specifies the classes of SNMPv2
management communications pertaining to a particular
SNMPv2 context that a particular target is authorized to
accept from a particular subject.
Conceptually, a SNMPv2 access policy is represented by a
collection of ASN.1 values with the following syntax:
AclEntry ::= SEQUENCE {
    aclTarget       OBJECT IDENTIFIER,
    aclSubject      OBJECT IDENTIFIER,
    aclResources    OBJECT IDENTIFIER,
    aclPrivileges   INTEGER
}
For each such value that represents one part of a SNMPv2
access policy, the following statements are true:
- Its aclTarget component is called the target and
identifies the SNMPv2 party to which the partial policy
permits access.
- Its aclSubject component is called the subject and
identifies the SNMPv2 party to which the partial policy
grants privileges.
- Its aclResources component is called the managed object
resources and identifies the SNMPv2 context referenced by
the partial policy.
- Its aclPrivileges component is called the privileges and
represents a set of SNMPv2 management communication
classes which, when they reference the specified SNMPv2
context, are authorized to be processed by the specified
target party when received from the specified subject
party.
The application of SNMPv2 access control policy only occurs on
receipt of management communications; it is not applied on
transmission of management communications. Note, however,
that ASN.1 values, having the syntax AclEntry, are also used
in determining the destinations of a SNMPv2-Trap [2].
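
The receipt-side check described above, as an added Python example that is not part of the RFC text. It assumes the class values of section 2.12 of the same RFC (Get 1, GetNext 2, Response 4, Set 8, GetBulk 32, Inform 64, SNMPv2-Trap 128), and its party and context identifiers, policy and function names are constructed for illustration.

```python
from typing import NamedTuple

# Management communication class values from RFC 1445 section 2.12
# (not shown in this section); aclPrivileges is the sum of the allowed ones.
CLASSES = {"Get": 1, "GetNext": 2, "Response": 4, "Set": 8,
           "GetBulk": 32, "Inform": 64, "SNMPv2-Trap": 128}

class AclEntry(NamedTuple):
    aclTarget: str      # party that performs the operation (the receiver)
    aclSubject: str     # party that requests the operation (the sender)
    aclResources: str   # SNMPv2 context the operation refers to
    aclPrivileges: int  # sum of the authorized class values

def decode_privileges(privileges: int) -> list[str]:
    """Expand an aclPrivileges integer into the class names it authorizes."""
    return [name for name, bit in CLASSES.items() if privileges & bit]

def check_on_receipt(acl, dst_party, src_party, context, pdu_class):
    """Receipt-side check, returns (allowed, reason). No entry means deny."""
    bit = CLASSES.get(pdu_class)
    if bit is None:
        return False, "unknown class"
    for e in acl:
        if (e.aclTarget, e.aclSubject, e.aclResources) == (dst_party, src_party, context):
            if e.aclPrivileges & bit:
                return True, "authorized"
            return False, "class not in aclPrivileges"
    return False, "no AclEntry for target/subject/context"

# Constructed sample identifiers under the 2.999 example arc (not from the RFC).
AGENT, MANAGER, CONTEXT = "2.999.1.1", "2.999.1.2", "2.999.2.1"

# Constructed policy: the agent accepts Get, GetNext and GetBulk (1+2+32 = 35)
# from the manager; the manager accepts Response and SNMPv2-Trap (4+128 = 132)
# from the agent. Each direction needs its own entry.
POLICY = [
    AclEntry(AGENT, MANAGER, CONTEXT, 35),
    AclEntry(MANAGER, AGENT, CONTEXT, 132),
]

if __name__ == "__main__":
    for dst, src, cls in [(AGENT, MANAGER, "Get"), (AGENT, MANAGER, "Set"),
                          (MANAGER, AGENT, "Response"), (MANAGER, AGENT, "Get")]:
        print(dst, "<-", src, cls, check_on_receipt(POLICY, dst, src, CONTEXT, cls))
```

Because the policy is applied only on receipt, the agent's entry alone does not let the manager accept the reply: the Response is checked against the entry whose target is the manager.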