This section provides an overview of the View-Based Access Control Model (VACM), describing how it enables controlled SNMP access to managed objects using views and access policies.
View-Based Access Control Model (VACM):
The View-Based Access Control Model enables SNMP users to control access by assigning read, write, or notify privileges to SNMP managed objects. It prevents access to objects restricted by views. These access policies are set during user group configuration with the snmp-server group command.
MIB views:
-
Restrict group access rights to specific management information within the domain for security.
-
MIB views define managed object types and instances that can be viewed.
Access policy:
Access policy determines the access rights of a group. The three types are:
-
Read-view access: Allows reading a set of authorized object instances.
-
Write-view access: Allows writing to a set of authorized object instances.
-
Notify-view access: Allows sending notifications regarding a set of authorized object instances.