telemetry-snmp 0.1.0

data/lib/telemetry/snmp/mibs/SNMP-VIEW-BASED-ACM-MIB.txt

@@ -0,0 +1,830 @@
+SNMP-VIEW-BASED-ACM-MIB DEFINITIONS ::= BEGIN
+
+IMPORTS
+    MODULE-COMPLIANCE, OBJECT-GROUP       FROM SNMPv2-CONF
+    MODULE-IDENTITY, OBJECT-TYPE,
+    snmpModules                           FROM SNMPv2-SMI
+    TestAndIncr,
+    RowStatus, StorageType                FROM SNMPv2-TC
+    SnmpAdminString,
+    SnmpSecurityLevel,
+    SnmpSecurityModel                     FROM SNMP-FRAMEWORK-MIB;
+
+snmpVacmMIB       MODULE-IDENTITY
+    LAST-UPDATED "200210160000Z"          -- 16 Oct 2002, midnight
+    ORGANIZATION "SNMPv3 Working Group"
+    CONTACT-INFO "WG-email:   snmpv3@lists.tislabs.com
+                  Subscribe:  majordomo@lists.tislabs.com
+                              In message body:  subscribe snmpv3
+
+                  Co-Chair:   Russ Mundy
+                              Network Associates Laboratories
+                  postal:     15204 Omega Drive, Suite 300
+                              Rockville, MD 20850-4601
+                              USA
+                  email:      mundy@tislabs.com
+                  phone:      +1 301-947-7107
+
+                  Co-Chair:   David Harrington
+                              Enterasys Networks
+                  Postal:     35 Industrial Way
+                              P. O. Box 5004
+                              Rochester, New Hampshire 03866-5005
+                              USA
+                  EMail:      dbh@enterasys.com
+                  Phone:      +1 603-337-2614
+
+                  Co-editor:  Bert Wijnen
+                              Lucent Technologies
+                  postal:     Schagen 33
+                              3461 GL Linschoten
+                              Netherlands
+                  email:      bwijnen@lucent.com
+                  phone:      +31-348-480-685
+
+                  Co-editor:  Randy Presuhn
+                              BMC Software, Inc.
+
+                  postal:     2141 North First Street
+                              San Jose, CA 95131
+                              USA
+                  email:      randy_presuhn@bmc.com
+                  phone:      +1 408-546-1006
+
+                  Co-editor:  Keith McCloghrie
+                              Cisco Systems, Inc.
+                  postal:     170 West Tasman Drive
+                              San Jose, CA  95134-1706
+                              USA
+                  email:      kzm@cisco.com
+                  phone:      +1-408-526-5260
+                 "
+    DESCRIPTION  "The management information definitions for the
+                  View-based Access Control Model for SNMP.
+
+                  Copyright (C) The Internet Society (2002). This
+                  version of this MIB module is part of RFC 3415;
+                  see the RFC itself for full legal notices.
+                 "
+--  Revision history
+
+    REVISION     "200210160000Z"          -- 16 Oct 2002, midnight
+    DESCRIPTION  "Clarifications, published as RFC3415"
+
+    REVISION     "199901200000Z"          -- 20 Jan 1999, midnight
+    DESCRIPTION  "Clarifications, published as RFC2575"
+
+    REVISION     "199711200000Z"          -- 20 Nov 1997, midnight
+    DESCRIPTION  "Initial version, published as RFC2275"
+    ::= { snmpModules 16 }
+
+-- Administrative assignments ****************************************
+
+vacmMIBObjects      OBJECT IDENTIFIER ::= { snmpVacmMIB 1 }
+vacmMIBConformance  OBJECT IDENTIFIER ::= { snmpVacmMIB 2 }
+
+-- Information about Local Contexts **********************************
+
+vacmContextTable OBJECT-TYPE
+    SYNTAX       SEQUENCE OF VacmContextEntry
+    MAX-ACCESS   not-accessible
+    STATUS       current
+    DESCRIPTION "The table of locally available contexts.
+
+                 This table provides information to SNMP Command
+
+                 Generator applications so that they can properly
+                 configure the vacmAccessTable to control access to
+                 all contexts at the SNMP entity.
+
+                 This table may change dynamically if the SNMP entity
+                 allows that contexts are added/deleted dynamically
+                 (for instance when its configuration changes).  Such
+                 changes would happen only if the management
+                 instrumentation at that SNMP entity recognizes more
+                 (or fewer) contexts.
+
+                 The presence of entries in this table and of entries
+                 in the vacmAccessTable are independent.  That is, a
+                 context identified by an entry in this table is not
+                 necessarily referenced by any entries in the
+                 vacmAccessTable; and the context(s) referenced by an
+                 entry in the vacmAccessTable does not necessarily
+                 currently exist and thus need not be identified by an
+                 entry in this table.
+
+                 This table must be made accessible via the default
+                 context so that Command Responder applications have
+                 a standard way of retrieving the information.
+
+                 This table is read-only.  It cannot be configured via
+                 SNMP.
+                "
+    ::= { vacmMIBObjects 1 }
+
+vacmContextEntry OBJECT-TYPE
+    SYNTAX       VacmContextEntry
+    MAX-ACCESS   not-accessible
+    STATUS       current
+    DESCRIPTION "Information about a particular context."
+    INDEX       {
+                  vacmContextName
+                }
+    ::= { vacmContextTable 1 }
+
+VacmContextEntry ::= SEQUENCE
+    {
+        vacmContextName SnmpAdminString
+    }
+
+vacmContextName  OBJECT-TYPE
+    SYNTAX       SnmpAdminString (SIZE(0..32))
+    MAX-ACCESS   read-only
+    STATUS       current
+    DESCRIPTION "A human readable name identifying a particular
+                 context at a particular SNMP entity.
+
+                 The empty contextName (zero length) represents the
+                 default context.
+                "
+    ::= { vacmContextEntry 1 }
+
+-- Information about Groups ******************************************
+
+vacmSecurityToGroupTable OBJECT-TYPE
+    SYNTAX       SEQUENCE OF VacmSecurityToGroupEntry
+    MAX-ACCESS   not-accessible
+    STATUS       current
+    DESCRIPTION "This table maps a combination of securityModel and
+                 securityName into a groupName which is used to define
+                 an access control policy for a group of principals.
+                "
+    ::= { vacmMIBObjects 2 }
+
+vacmSecurityToGroupEntry OBJECT-TYPE
+    SYNTAX       VacmSecurityToGroupEntry
+    MAX-ACCESS   not-accessible
+    STATUS       current
+    DESCRIPTION "An entry in this table maps the combination of a
+                 securityModel and securityName into a groupName.
+                "
+    INDEX       {
+                  vacmSecurityModel,
+                  vacmSecurityName
+                }
+    ::= { vacmSecurityToGroupTable 1 }
+
+VacmSecurityToGroupEntry ::= SEQUENCE
+    {
+        vacmSecurityModel               SnmpSecurityModel,
+        vacmSecurityName                SnmpAdminString,
+        vacmGroupName                   SnmpAdminString,
+        vacmSecurityToGroupStorageType  StorageType,
+        vacmSecurityToGroupStatus       RowStatus
+    }
+
+vacmSecurityModel OBJECT-TYPE
+    SYNTAX       SnmpSecurityModel(1..2147483647)
+    MAX-ACCESS   not-accessible
+    STATUS       current
+    DESCRIPTION "The Security Model, by which the vacmSecurityName
+                 referenced by this entry is provided.
+
+                 Note, this object may not take the 'any' (0) value.
+                "
+    ::= { vacmSecurityToGroupEntry 1 }
+
+vacmSecurityName OBJECT-TYPE
+    SYNTAX       SnmpAdminString (SIZE(1..32))
+    MAX-ACCESS   not-accessible
+    STATUS       current
+    DESCRIPTION "The securityName for the principal, represented in a
+                 Security Model independent format, which is mapped by
+                 this entry to a groupName.
+                "
+    ::= { vacmSecurityToGroupEntry 2 }
+
+vacmGroupName    OBJECT-TYPE
+    SYNTAX       SnmpAdminString (SIZE(1..32))
+    MAX-ACCESS   read-create
+    STATUS       current
+    DESCRIPTION "The name of the group to which this entry (e.g., the
+                 combination of securityModel and securityName)
+                 belongs.
+
+                 This groupName is used as index into the
+                 vacmAccessTable to select an access control policy.
+                 However, a value in this table does not imply that an
+                 instance with the value exists in table vacmAccesTable.
+                "
+    ::= { vacmSecurityToGroupEntry 3 }
+
+vacmSecurityToGroupStorageType OBJECT-TYPE
+    SYNTAX       StorageType
+    MAX-ACCESS   read-create
+    STATUS       current
+    DESCRIPTION "The storage type for this conceptual row.
+                 Conceptual rows having the value 'permanent' need not
+                 allow write-access to any columnar objects in the row.
+                "
+    DEFVAL      { nonVolatile }
+    ::= { vacmSecurityToGroupEntry 4 }
+
+vacmSecurityToGroupStatus OBJECT-TYPE
+    SYNTAX       RowStatus
+    MAX-ACCESS   read-create
+    STATUS       current
+    DESCRIPTION "The status of this conceptual row.
+
+                 Until instances of all corresponding columns are
+                 appropriately configured, the value of the
+
+                 corresponding instance of the vacmSecurityToGroupStatus
+                 column is 'notReady'.
+
+                 In particular, a newly created row cannot be made
+                 active until a value has been set for vacmGroupName.
+
+                 The  RowStatus TC [RFC2579] requires that this
+                 DESCRIPTION clause states under which circumstances
+                 other objects in this row can be modified:
+
+                 The value of this object has no effect on whether
+                 other objects in this conceptual row can be modified.
+                "
+    ::= { vacmSecurityToGroupEntry 5 }
+
+-- Information about Access Rights ***********************************
+
+vacmAccessTable  OBJECT-TYPE
+    SYNTAX       SEQUENCE OF VacmAccessEntry
+    MAX-ACCESS   not-accessible
+    STATUS       current
+    DESCRIPTION "The table of access rights for groups.
+
+                 Each entry is indexed by a groupName, a contextPrefix,
+                 a securityModel and a securityLevel.  To determine
+                 whether access is allowed, one entry from this table
+                 needs to be selected and the proper viewName from that
+                 entry must be used for access control checking.
+
+                 To select the proper entry, follow these steps:
+
+                 1) the set of possible matches is formed by the
+                    intersection of the following sets of entries:
+
+                      the set of entries with identical vacmGroupName
+                      the union of these two sets:
+                       - the set with identical vacmAccessContextPrefix
+                       - the set of entries with vacmAccessContextMatch
+                         value of 'prefix' and matching
+                         vacmAccessContextPrefix
+                      intersected with the union of these two sets:
+                       - the set of entries with identical
+                         vacmSecurityModel
+                       - the set of entries with vacmSecurityModel
+                         value of 'any'
+                      intersected with the set of entries with
+                      vacmAccessSecurityLevel value less than or equal
+                      to the requested securityLevel
+
+                 2) if this set has only one member, we're done
+                    otherwise, it comes down to deciding how to weight
+                    the preferences between ContextPrefixes,
+                    SecurityModels, and SecurityLevels as follows:
+                    a) if the subset of entries with securityModel
+                       matching the securityModel in the message is
+                       not empty, then discard the rest.
+                    b) if the subset of entries with
+                       vacmAccessContextPrefix matching the contextName
+                       in the message is not empty,
+                       then discard the rest
+                    c) discard all entries with ContextPrefixes shorter
+                       than the longest one remaining in the set
+                    d) select the entry with the highest securityLevel
+
+                 Please note that for securityLevel noAuthNoPriv, all
+                 groups are really equivalent since the assumption that
+                 the securityName has been authenticated does not hold.
+                "
+    ::= { vacmMIBObjects 4 }
+
+vacmAccessEntry  OBJECT-TYPE
+    SYNTAX       VacmAccessEntry
+    MAX-ACCESS   not-accessible
+    STATUS       current
+    DESCRIPTION "An access right configured in the Local Configuration
+                 Datastore (LCD) authorizing access to an SNMP context.
+
+                 Entries in this table can use an instance value for
+                 object vacmGroupName even if no entry in table
+                 vacmAccessSecurityToGroupTable has a corresponding
+                 value for object vacmGroupName.
+                "
+    INDEX       { vacmGroupName,
+                  vacmAccessContextPrefix,
+                  vacmAccessSecurityModel,
+                  vacmAccessSecurityLevel
+                }
+    ::= { vacmAccessTable 1 }
+
+VacmAccessEntry ::= SEQUENCE
+    {
+        vacmAccessContextPrefix    SnmpAdminString,
+        vacmAccessSecurityModel    SnmpSecurityModel,
+        vacmAccessSecurityLevel    SnmpSecurityLevel,
+        vacmAccessContextMatch     INTEGER,
+        vacmAccessReadViewName     SnmpAdminString,
+        vacmAccessWriteViewName    SnmpAdminString,
+        vacmAccessNotifyViewName   SnmpAdminString,
+        vacmAccessStorageType      StorageType,
+        vacmAccessStatus           RowStatus
+    }
+
+vacmAccessContextPrefix OBJECT-TYPE
+    SYNTAX       SnmpAdminString (SIZE(0..32))
+    MAX-ACCESS   not-accessible
+    STATUS       current
+    DESCRIPTION "In order to gain the access rights allowed by this
+                 conceptual row, a contextName must match exactly
+                 (if the value of vacmAccessContextMatch is 'exact')
+                 or partially (if the value of vacmAccessContextMatch
+                 is 'prefix') to the value of the instance of this
+                 object.
+                "
+    ::= { vacmAccessEntry 1 }
+
+vacmAccessSecurityModel OBJECT-TYPE
+    SYNTAX       SnmpSecurityModel
+    MAX-ACCESS   not-accessible
+    STATUS       current
+    DESCRIPTION "In order to gain the access rights allowed by this
+                 conceptual row, this securityModel must be in use.
+                "
+    ::= { vacmAccessEntry 2 }
+
+vacmAccessSecurityLevel OBJECT-TYPE
+    SYNTAX       SnmpSecurityLevel
+    MAX-ACCESS   not-accessible
+    STATUS       current
+    DESCRIPTION "The minimum level of security required in order to
+                 gain the access rights allowed by this conceptual
+                 row.  A securityLevel of noAuthNoPriv is less than
+                 authNoPriv which in turn is less than authPriv.
+
+                 If multiple entries are equally indexed except for
+                 this vacmAccessSecurityLevel index, then the entry
+                 which has the highest value for
+                 vacmAccessSecurityLevel is selected.
+                "
+    ::= { vacmAccessEntry 3 }
+
+vacmAccessContextMatch OBJECT-TYPE
+    SYNTAX       INTEGER
+                { exact (1), -- exact match of prefix and contextName
+                  prefix (2) -- Only match to the prefix
+                }
+    MAX-ACCESS   read-create
+    STATUS       current
+    DESCRIPTION "If the value of this object is exact(1), then all
+                 rows where the contextName exactly matches
+                 vacmAccessContextPrefix are selected.
+
+                 If the value of this object is prefix(2), then all
+                 rows where the contextName whose starting octets
+                 exactly match vacmAccessContextPrefix are selected.
+                 This allows for a simple form of wildcarding.
+                "
+    DEFVAL      { exact }
+    ::= { vacmAccessEntry 4 }
+
+vacmAccessReadViewName OBJECT-TYPE
+    SYNTAX       SnmpAdminString (SIZE(0..32))
+    MAX-ACCESS   read-create
+    STATUS       current
+    DESCRIPTION "The value of an instance of this object identifies
+                 the MIB view of the SNMP context to which this
+                 conceptual row authorizes read access.
+
+                 The identified MIB view is that one for which the
+                 vacmViewTreeFamilyViewName has the same value as the
+                 instance of this object; if the value is the empty
+                 string or if there is no active MIB view having this
+                 value of vacmViewTreeFamilyViewName, then no access
+                 is granted.
+                "
+    DEFVAL      { ''H }   -- the empty string
+    ::= { vacmAccessEntry 5 }
+
+vacmAccessWriteViewName OBJECT-TYPE
+    SYNTAX       SnmpAdminString (SIZE(0..32))
+    MAX-ACCESS   read-create
+    STATUS       current
+    DESCRIPTION "The value of an instance of this object identifies
+                 the MIB view of the SNMP context to which this
+                 conceptual row authorizes write access.
+
+                 The identified MIB view is that one for which the
+                 vacmViewTreeFamilyViewName has the same value as the
+                 instance of this object; if the value is the empty
+                 string or if there is no active MIB view having this
+                 value of vacmViewTreeFamilyViewName, then no access
+                 is granted.
+                "
+    DEFVAL      { ''H }   -- the empty string
+    ::= { vacmAccessEntry 6 }
+
+vacmAccessNotifyViewName OBJECT-TYPE
+    SYNTAX       SnmpAdminString (SIZE(0..32))
+    MAX-ACCESS   read-create
+    STATUS       current
+    DESCRIPTION "The value of an instance of this object identifies
+                 the MIB view of the SNMP context to which this
+                 conceptual row authorizes access for notifications.
+
+                 The identified MIB view is that one for which the
+                 vacmViewTreeFamilyViewName has the same value as the
+                 instance of this object; if the value is the empty
+                 string or if there is no active MIB view having this
+                 value of vacmViewTreeFamilyViewName, then no access
+                 is granted.
+                "
+    DEFVAL      { ''H }   -- the empty string
+    ::= { vacmAccessEntry 7 }
+
+vacmAccessStorageType OBJECT-TYPE
+    SYNTAX       StorageType
+    MAX-ACCESS   read-create
+    STATUS       current
+    DESCRIPTION "The storage type for this conceptual row.
+
+                 Conceptual rows having the value 'permanent' need not
+                 allow write-access to any columnar objects in the row.
+                "
+    DEFVAL      { nonVolatile }
+    ::= { vacmAccessEntry 8 }
+
+vacmAccessStatus OBJECT-TYPE
+    SYNTAX       RowStatus
+    MAX-ACCESS   read-create
+    STATUS       current
+    DESCRIPTION "The status of this conceptual row.
+
+                 The  RowStatus TC [RFC2579] requires that this
+                 DESCRIPTION clause states under which circumstances
+                 other objects in this row can be modified:
+
+                 The value of this object has no effect on whether
+                 other objects in this conceptual row can be modified.
+                "
+    ::= { vacmAccessEntry 9 }
+
+-- Information about MIB views ***************************************
+
+-- Support for instance-level granularity is optional.
+--
+-- In some implementations, instance-level access control
+-- granularity may come at a high performance cost.  Managers
+-- should avoid requesting such configurations unnecessarily.
+
+vacmMIBViews     OBJECT IDENTIFIER ::= { vacmMIBObjects 5 }
+
+vacmViewSpinLock OBJECT-TYPE
+    SYNTAX       TestAndIncr
+    MAX-ACCESS   read-write
+    STATUS       current
+    DESCRIPTION "An advisory lock used to allow cooperating SNMP
+                 Command Generator applications to coordinate their
+                 use of the Set operation in creating or modifying
+                 views.
+
+                 When creating a new view or altering an existing
+                 view, it is important to understand the potential
+                 interactions with other uses of the view.  The
+                 vacmViewSpinLock should be retrieved.  The name of
+                 the view to be created should be determined to be
+                 unique by the SNMP Command Generator application by
+                 consulting the vacmViewTreeFamilyTable.  Finally,
+                 the named view may be created (Set), including the
+                 advisory lock.
+                 If another SNMP Command Generator application has
+                 altered the views in the meantime, then the spin
+                 lock's value will have changed, and so this creation
+                 will fail because it will specify the wrong value for
+                 the spin lock.
+
+                 Since this is an advisory lock, the use of this lock
+                 is not enforced.
+                "
+    ::= { vacmMIBViews 1 }
+
+vacmViewTreeFamilyTable OBJECT-TYPE
+    SYNTAX       SEQUENCE OF VacmViewTreeFamilyEntry
+    MAX-ACCESS   not-accessible
+    STATUS       current
+    DESCRIPTION "Locally held information about families of subtrees
+                 within MIB views.
+
+                 Each MIB view is defined by two sets of view subtrees:
+                   - the included view subtrees, and
+                   - the excluded view subtrees.
+                 Every such view subtree, both the included and the
+
+                 excluded ones, is defined in this table.
+
+                 To determine if a particular object instance is in
+                 a particular MIB view, compare the object instance's
+                 OBJECT IDENTIFIER with each of the MIB view's active
+                 entries in this table.  If none match, then the
+                 object instance is not in the MIB view.  If one or
+                 more match, then the object instance is included in,
+                 or excluded from, the MIB view according to the
+                 value of vacmViewTreeFamilyType in the entry whose
+                 value of vacmViewTreeFamilySubtree has the most
+                 sub-identifiers.  If multiple entries match and have
+                 the same number of sub-identifiers (when wildcarding
+                 is specified with the value of vacmViewTreeFamilyMask),
+                 then the lexicographically greatest instance of
+                 vacmViewTreeFamilyType determines the inclusion or
+                 exclusion.
+
+                 An object instance's OBJECT IDENTIFIER X matches an
+                 active entry in this table when the number of
+                 sub-identifiers in X is at least as many as in the
+                 value of vacmViewTreeFamilySubtree for the entry,
+                 and each sub-identifier in the value of
+                 vacmViewTreeFamilySubtree matches its corresponding
+                 sub-identifier in X.  Two sub-identifiers match
+                 either if the corresponding bit of the value of
+                 vacmViewTreeFamilyMask for the entry is zero (the
+                 'wild card' value), or if they are equal.
+
+                 A 'family' of subtrees is the set of subtrees defined
+                 by a particular combination of values of
+                 vacmViewTreeFamilySubtree and vacmViewTreeFamilyMask.
+
+                 In the case where no 'wild card' is defined in the
+                 vacmViewTreeFamilyMask, the family of subtrees reduces
+                 to a single subtree.
+
+                 When creating or changing MIB views, an SNMP Command
+                 Generator application should utilize the
+                 vacmViewSpinLock to try to avoid collisions.  See
+                 DESCRIPTION clause of vacmViewSpinLock.
+
+                 When creating MIB views, it is strongly advised that
+                 first the 'excluded' vacmViewTreeFamilyEntries are
+                 created and then the 'included' entries.
+
+                 When deleting MIB views, it is strongly advised that
+                 first the 'included' vacmViewTreeFamilyEntries are
+
+                 deleted and then the 'excluded' entries.
+
+                 If a create for an entry for instance-level access
+                 control is received and the implementation does not
+                 support instance-level granularity, then an
+                 inconsistentName error must be returned.
+                "
+    ::= { vacmMIBViews 2 }
+
+vacmViewTreeFamilyEntry OBJECT-TYPE
+    SYNTAX       VacmViewTreeFamilyEntry
+    MAX-ACCESS   not-accessible
+    STATUS       current
+    DESCRIPTION "Information on a particular family of view subtrees
+                 included in or excluded from a particular SNMP
+                 context's MIB view.
+
+                 Implementations must not restrict the number of
+                 families of view subtrees for a given MIB view,
+                 except as dictated by resource constraints on the
+                 overall number of entries in the
+                 vacmViewTreeFamilyTable.
+
+                 If no conceptual rows exist in this table for a given
+                 MIB view (viewName), that view may be thought of as
+                 consisting of the empty set of view subtrees.
+                "
+    INDEX       { vacmViewTreeFamilyViewName,
+                  vacmViewTreeFamilySubtree
+                }
+    ::= { vacmViewTreeFamilyTable 1 }
+
+VacmViewTreeFamilyEntry ::= SEQUENCE
+    {
+        vacmViewTreeFamilyViewName     SnmpAdminString,
+        vacmViewTreeFamilySubtree      OBJECT IDENTIFIER,
+        vacmViewTreeFamilyMask         OCTET STRING,
+        vacmViewTreeFamilyType         INTEGER,
+        vacmViewTreeFamilyStorageType  StorageType,
+        vacmViewTreeFamilyStatus       RowStatus
+    }
+
+vacmViewTreeFamilyViewName OBJECT-TYPE
+    SYNTAX       SnmpAdminString (SIZE(1..32))
+    MAX-ACCESS   not-accessible
+    STATUS       current
+    DESCRIPTION "The human readable name for a family of view subtrees.
+                "
+    ::= { vacmViewTreeFamilyEntry 1 }
+
+vacmViewTreeFamilySubtree OBJECT-TYPE
+    SYNTAX       OBJECT IDENTIFIER
+    MAX-ACCESS   not-accessible
+    STATUS       current
+    DESCRIPTION "The MIB subtree which when combined with the
+                 corresponding instance of vacmViewTreeFamilyMask
+                 defines a family of view subtrees.
+                "
+    ::= { vacmViewTreeFamilyEntry 2 }
+
+vacmViewTreeFamilyMask OBJECT-TYPE
+    SYNTAX       OCTET STRING (SIZE (0..16))
+    MAX-ACCESS   read-create
+    STATUS       current
+    DESCRIPTION "The bit mask which, in combination with the
+                 corresponding instance of vacmViewTreeFamilySubtree,
+                 defines a family of view subtrees.
+
+                 Each bit of this bit mask corresponds to a
+                 sub-identifier of vacmViewTreeFamilySubtree, with the
+                 most significant bit of the i-th octet of this octet
+                 string value (extended if necessary, see below)
+                 corresponding to the (8*i - 7)-th sub-identifier, and
+                 the least significant bit of the i-th octet of this
+                 octet string corresponding to the (8*i)-th
+                 sub-identifier, where i is in the range 1 through 16.
+
+                 Each bit of this bit mask specifies whether or not
+                 the corresponding sub-identifiers must match when
+                 determining if an OBJECT IDENTIFIER is in this
+                 family of view subtrees; a '1' indicates that an
+                 exact match must occur; a '0' indicates 'wild card',
+                 i.e., any sub-identifier value matches.
+
+                 Thus, the OBJECT IDENTIFIER X of an object instance
+                 is contained in a family of view subtrees if, for
+                 each sub-identifier of the value of
+                 vacmViewTreeFamilySubtree, either:
+
+                   the i-th bit of vacmViewTreeFamilyMask is 0, or
+
+                   the i-th sub-identifier of X is equal to the i-th
+                   sub-identifier of the value of
+                   vacmViewTreeFamilySubtree.
+
+                 If the value of this bit mask is M bits long and
+
+                 there are more than M sub-identifiers in the
+                 corresponding instance of vacmViewTreeFamilySubtree,
+                 then the bit mask is extended with 1's to be the
+                 required length.
+
+                 Note that when the value of this object is the
+                 zero-length string, this extension rule results in
+                 a mask of all-1's being used (i.e., no 'wild card'),
+                 and the family of view subtrees is the one view
+                 subtree uniquely identified by the corresponding
+                 instance of vacmViewTreeFamilySubtree.
+
+                 Note that masks of length greater than zero length
+                 do not need to be supported.  In this case this
+                 object is made read-only.
+                "
+    DEFVAL      { ''H }
+    ::= { vacmViewTreeFamilyEntry 3 }
+
+vacmViewTreeFamilyType OBJECT-TYPE
+    SYNTAX       INTEGER  { included(1), excluded(2) }
+    MAX-ACCESS   read-create
+    STATUS       current
+    DESCRIPTION "Indicates whether the corresponding instances of
+                 vacmViewTreeFamilySubtree and vacmViewTreeFamilyMask
+                 define a family of view subtrees which is included in
+                 or excluded from the MIB view.
+                "
+    DEFVAL      { included }
+    ::= { vacmViewTreeFamilyEntry 4 }
+
+vacmViewTreeFamilyStorageType OBJECT-TYPE
+    SYNTAX       StorageType
+    MAX-ACCESS   read-create
+    STATUS       current
+    DESCRIPTION "The storage type for this conceptual row.
+
+                 Conceptual rows having the value 'permanent' need not
+                 allow write-access to any columnar objects in the row.
+                "
+    DEFVAL      { nonVolatile }
+    ::= { vacmViewTreeFamilyEntry 5 }
+
+vacmViewTreeFamilyStatus OBJECT-TYPE
+    SYNTAX       RowStatus
+    MAX-ACCESS   read-create
+    STATUS       current
+    DESCRIPTION "The status of this conceptual row.
+
+                 The  RowStatus TC [RFC2579] requires that this
+                 DESCRIPTION clause states under which circumstances
+                 other objects in this row can be modified:
+
+                 The value of this object has no effect on whether
+                 other objects in this conceptual row can be modified.
+                "
+    ::= { vacmViewTreeFamilyEntry 6 }
+
+-- Conformance information *******************************************
+
+vacmMIBCompliances  OBJECT IDENTIFIER ::= { vacmMIBConformance 1 }
+vacmMIBGroups       OBJECT IDENTIFIER ::= { vacmMIBConformance 2 }
+
+-- Compliance statements *********************************************
+
+vacmMIBCompliance MODULE-COMPLIANCE
+    STATUS       current
+    DESCRIPTION "The compliance statement for SNMP engines which
+                 implement the SNMP View-based Access Control Model
+                 configuration MIB.
+                "
+    MODULE -- this module
+        MANDATORY-GROUPS { vacmBasicGroup }
+
+        OBJECT        vacmAccessContextMatch
+        MIN-ACCESS    read-only
+        DESCRIPTION  "Write access is not required."
+
+        OBJECT        vacmAccessReadViewName
+        MIN-ACCESS    read-only
+        DESCRIPTION  "Write access is not required."
+
+        OBJECT        vacmAccessWriteViewName
+        MIN-ACCESS    read-only
+        DESCRIPTION  "Write access is not required."
+
+        OBJECT        vacmAccessNotifyViewName
+        MIN-ACCESS    read-only
+        DESCRIPTION  "Write access is not required."
+
+        OBJECT        vacmAccessStorageType
+        MIN-ACCESS    read-only
+        DESCRIPTION  "Write access is not required."
+
+        OBJECT        vacmAccessStatus
+        MIN-ACCESS    read-only
+        DESCRIPTION  "Create/delete/modify access to the
+
+                      vacmAccessTable is not required.
+                     "
+
+        OBJECT        vacmViewTreeFamilyMask
+        WRITE-SYNTAX  OCTET STRING (SIZE (0))
+        MIN-ACCESS    read-only
+        DESCRIPTION  "Support for configuration via SNMP of subtree
+                      families using wild-cards is not required.
+                     "
+
+        OBJECT        vacmViewTreeFamilyType
+        MIN-ACCESS    read-only
+        DESCRIPTION  "Write access is not required."
+
+        OBJECT        vacmViewTreeFamilyStorageType
+        MIN-ACCESS    read-only
+        DESCRIPTION  "Write access is not required."
+
+        OBJECT        vacmViewTreeFamilyStatus
+        MIN-ACCESS    read-only
+        DESCRIPTION  "Create/delete/modify access to the
+                      vacmViewTreeFamilyTable is not required.
+                     "
+    ::= { vacmMIBCompliances 1 }
+
+-- Units of conformance **********************************************
+
+vacmBasicGroup OBJECT-GROUP
+    OBJECTS {
+              vacmContextName,
+              vacmGroupName,
+              vacmSecurityToGroupStorageType,
+              vacmSecurityToGroupStatus,
+              vacmAccessContextMatch,
+              vacmAccessReadViewName,
+              vacmAccessWriteViewName,
+              vacmAccessNotifyViewName,
+              vacmAccessStorageType,
+              vacmAccessStatus,
+              vacmViewSpinLock,
+              vacmViewTreeFamilyMask,
+              vacmViewTreeFamilyType,
+              vacmViewTreeFamilyStorageType,
+              vacmViewTreeFamilyStatus
+            }
+    STATUS       current
+    DESCRIPTION "A collection of objects providing for remote
+                 configuration of an SNMP engine which implements
+
+                 the SNMP View-based Access Control Model.
+                "
+    ::= { vacmMIBGroups 1 }
+
+END