The management information definitions to extend
the View-based Access Control Model (RFC3415) for
This MIB extends the 'SNMP-VIEW-BASED-ACM-MIB' to
allow each combination of a 'securityModel' and a
'securityName' to be mapped into additional
groupNames. The groups identified by these mappings
are in addition to those identified by
'vacmGroupName' of the 'vacmSecurityToGroupTable'.
An Extension table to the 'vacmSecurityToGroupTable'
defined in 'SNMP-VIEW-BASED-ACM-MIB.
This table provides a mechanism to map a combination
of 'securityModel' and 'securityName' into one or more
groups in addition to the 'vacmGroupName' mapped in
the 'vacmSecurityToGroupTable'. These groups provide
additional access control policies for a principal.
The agent must allow the same group mapping entry to be
present in both the 'cvacmSecurityToGroupTable' and the
A row in this table can not exist without a corresponding
row for the same combination of 'securityModel' and
'securityName in the 'vacmSecurityToGroupTable'.
While creating a row in this table, if there is no
corresponding row for the same combination of
'securityModel' and 'securityName in the
'vacmSecurityToGroupTable', the same mapping entry in
is created in the 'vacmSecurityToGroupTable' by the
agent using the values of instance variables of the entry
in this table.
The deletion of a row in the 'vacmSecurityToGroupTable'
also causes the deletion of all the group mapping
entries for the same combination of 'vacmSecurityModel'
and 'vacmSecurityName' in the 'cvacmSecurityToGroupTable'.
The deletion of a row in this table does not affect
The name of the group for the mapping represented by
this row. This is in addition to the 'vacmGroupName'
mapped in the 'vacmSecurityToGroupTable'. For example
a user principal represented by 'securityName' maps
to a group represented by 'cvacmSecurityGrpName' under
a security model represented by 'securityModel'.
This groupName is used as index into the
'vacmAccessTable' to select an access control policy.
However, a value in this table does not imply that an
instance with the value exists in table 'vacmAccesTable'.