netconfcentral logo

ietf-snmp-vacm@2014-05-06



  submodule ietf-snmp-vacm {

    yang-version 1;

    belongs-to ietf-snmp {
        prefix snmp;
    }

    include ietf-snmp-common;

    organization
      "IETF NETMOD (NETCONF Data Modeling Language) Working Group";

    contact
      "WG Web:   <http://tools.ietf.org/wg/netmod/>
     WG List:  <mailto:netmod@ietf.org>

     WG Chair: Thomas Nadeau
               <mailto:tnadeau@lucidvision.com>
     WG Chair: Juergen Schoenwaelder
               <mailto:j.schoenwaelder@jacobs-university.de>

     Editor:   Martin Bjorklund
               <mailto:mbj@tail-f.com>

     Editor:   Juergen Schoenwaelder
               <mailto:j.schoenwaelder@jacobs-university.de>";

    description
      "This submodule contains a collection of YANG definitions
     for configuring the View-based Access Control Model (VACM)
     of SNMP.

     Copyright (c) 2014 IETF Trust and the persons identified as
     authors of the code.  All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Simplified BSD License
     set forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (http://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC XXXX; see
     the RFC itself for full legal notices.";

    reference
      "RFC3415: View-based Access Control Model (VACM) for the
      	 Simple Network Management Protocol (SNMP)";


    revision "2014-05-06" {
      description "Initial revision.";
      reference
        "RFC XXXX: A YANG Data Model for SNMP Configuration";

    }


    typedef view-name {
      type identifier;
      description
        "The view-name type represents an SNMP VACM view name.";
    }

    typedef group-name {
      type identifier;
      description
        "The group-name type represents an SNMP VACM group name.";
    }

    augment /snmp:snmp {
      container vacm {
        description
          "Configuration of the View-based Access Control Model";
        list group {
          key "name";
          description
            "VACM Groups.

           This data model has a different structure than the MIB.
           Groups are explicitly defined in this list, and group
           members are defined in the 'member' list (mapped to
           vacmSecurityToGroupTable), and access for the group is
           defined in the 'access' list (mapped to
           vacmAccessTable).";
          reference
            "SNMP-VIEW-BASED-ACM-MIB.vacmSecurityToGroupTable
            SNMP-VIEW-BASED-ACM-MIB.vacmAccessTable";

          leaf name {
            type group-name;
            description
              "The name of this VACM group.";
            reference
              "SNMP-VIEW-BASED-ACM-MIB.vacmGroupName";

          }

          list member {
            key "security-name";
            description
              "A member of this VACM group.

             A certain combination of security-name and
             security-model MUST NOT be present in more than
             one group.";
            reference
              "SNMP-VIEW-BASED-ACM-MIB.vacmSecurityToGroupTable";

            leaf security-name {
              type security-name;
              description
                "The securityName of a group member.";
              reference
                "SNMP-VIEW-BASED-ACM-MIB.vacmSecurityName";

            }

            leaf-list security-model {
              type security-model;
              min-elements 1;
              description
                "The security models under which this security-name
               is a member of this group.";
              reference
                "SNMP-VIEW-BASED-ACM-MIB.vacmSecurityModel";

            }
          }  // list member

          list access {
            key "context security-model security-level";
            description
              "Definition of access right for groups";
            reference
              "SNMP-VIEW-BASED-ACM-MIB.vacmAccessTable";

            leaf context {
              type context-name;
              description
                "The context (prefix) under which the access rights
               apply.";
              reference
                "SNMP-VIEW-BASED-ACM-MIB.vacmAccessContextPrefix";

            }

            leaf context-match {
              type enumeration {
                enum "exact" {
                  value 1;
                }
                enum "prefix" {
                  value 2;
                }
              }
              default 'exact';
              reference
                "SNMP-VIEW-BASED-ACM-MIB.vacmAccessContextMatch";

            }

            leaf security-model {
              type security-model-or-any;
              description
                "The security model under which the access rights
              apply.";
              reference
                "SNMP-VIEW-BASED-ACM-MIB.vacmAccessSecurityModel";

            }

            leaf security-level {
              type security-level;
              description
                "The minimum security level under which the access
               rights apply.";
              reference
                "SNMP-VIEW-BASED-ACM-MIB.vacmAccessSecurityLevel";

            }

            leaf read-view {
              type view-name;
              description
                "The name of the MIB view of the SNMP context
               authorizing read access. If this leaf does not
               exist in a configuration, it maps to a zero-length
               vacmAccessReadViewName.

               Implementations MAY restrict the values of this
               leaf to be one of the available values of
               /snmp/vacm/view/name in a valid configuration.";
              reference
                "SNMP-VIEW-BASED-ACM-MIB.vacmAccessReadViewName";

            }

            leaf write-view {
              type view-name;
              description
                "The name of the MIB view of the SNMP context
               authorizing write access. If this leaf does not
               exist in a configuration, it maps to a zero-length
               vacmAccessWriteViewName.

               Implementations MAY restrict the values of this
               leaf to be one of the available values of
               /snmp/vacm/view/name in a valid configuration.";
              reference
                "SNMP-VIEW-BASED-ACM-MIB.vacmAccessWriteViewName";

            }

            leaf notify-view {
              type view-name;
              description
                "The name of the MIB view of the SNMP context
               authorizing notify access. If this leaf does not
               exist in a configuration, it maps to a zero-length
               vacmAccessNotifyViewName.

               Implementations MAY restrict the values of this
               leaf to be one of the available values of
               /snmp/vacm/view/name in a valid configuration.";
              reference
                "SNMP-VIEW-BASED-ACM-MIB.vacmAccessNotifyViewName";

            }
          }  // list access
        }  // list group

        list view {
          key "name";
          description
            "Definition of MIB views.";
          reference
            "SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilyTable";

          leaf name {
            type view-name;
            description
              "The name of this VACM MIB view.";
            reference
              "SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilyName";

          }

          leaf-list include {
            type wildcard-object-identifier;
            description
              "A family of subtrees included in this MIB view.";
            reference
              "SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilySubtree
              SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilyMask
              SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilyType";

          }

          leaf-list exclude {
            type wildcard-object-identifier;
            description
              "A family of subtrees excluded from this MIB view.";
            reference
              "SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilySubtree
              SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilyMask
              SNMP-VIEW-BASED-ACM-MIB.vacmViewTreeFamilyType";

          }
        }  // list view
      }  // container vacm
    }
  }  // submodule ietf-snmp-vacm