1-- ********************************************************************* 2-- CISCO-COMMON-ROLES-EXT-MIB.my: Common Roles Extension Mib 3-- 4-- February 2008, Mukul Chauhan 5-- 6-- Copyright (c) 2003, 2008 by Cisco Systems Inc. 7-- All rights reserved. 8-- 9-- ********************************************************************* 10 11CISCO-COMMON-ROLES-EXT-MIB DEFINITIONS ::= BEGIN 12 13IMPORTS 14 MODULE-IDENTITY, 15 OBJECT-TYPE, 16 Unsigned32, 17 Integer32 18 FROM SNMPv2-SMI 19 MODULE-COMPLIANCE, 20 OBJECT-GROUP 21 FROM SNMPv2-CONF 22 RowStatus, 23 TEXTUAL-CONVENTION, 24 TruthValue 25 FROM SNMPv2-TC 26 SnmpAdminString 27 FROM SNMP-FRAMEWORK-MIB 28 ccrmConfigurationExtGroup 29 FROM CISCO-COMMON-ROLES-MIB 30 ciscoMgmt 31 FROM CISCO-SMI; 32 33 34ciscoCommonRolesExtMIB MODULE-IDENTITY 35 LAST-UPDATED "200802150000Z" 36 ORGANIZATION "Cisco Systems Inc." 37 CONTACT-INFO 38 "Cisco Systems 39 Customer Service 40 Postal: 170 W Tasman Drive 41 San Jose, CA 95134 42 USA 43 Tel: +1 800 553 -NETS 44 E-mail: cs-san@cisco.com" 45 DESCRIPTION 46 "A MIB Module for managing the roles that are common 47 between access methods like Command Line Interface (CLI), 48 SNMP and XML interface. This MIB is an extension to the 49 CISCO-COMMON-ROLES-MIB, which is for managing Common 50 Roles on a device with fixed feature. 51 52 Terminology: 53 54 Commands are the basic operations that can be performed 55 on a device. For example 'show aaa *', 'clear aaa *', 56 'config t; ip arp *'. 57 58 Commands can be organized into groups called 59 Features. Features can be organized into groups called 60 Feature Groups. 61 62 The constituents of a Feature (i.e. Commands) and the 63 constituents of a Feature Group (i.e. Features) are 64 collectively referred to as Feature Elements. 65 66 This MIB extends the CISCO-COMMON-ROLES-MIB by adding 67 the following. 68 69 Features can be organized into groups called feature groups. 70 Access privileges can be assigned to feature group(s) 71 associated with a Role. 72 73 The five access privileges (clear, config, debug, show & 74 exec) are replaced by two access privileges ('read' and 75 'readWrite'). These two privileges have no relation to the 76 replaced five privileges. 77 78 The types of objects to which access can be restricted 79 is extended to include VLANs and Interfaces. 80 81 A device implementing this MIB need not implement 82 CISCO-COMMON-ROLES-MIB." 83 REVISION "200802150000Z" 84 DESCRIPTION 85 "Initial version of this MIB module." 86 ::= { ciscoMgmt 651 } 87 88 89ciscoCommonRolesExtNotifications OBJECT IDENTIFIER 90 ::= { ciscoCommonRolesExtMIB 0 } 91 92ciscoCommonRolesExtMIBObjects OBJECT IDENTIFIER 93 ::= { ciscoCommonRolesExtMIB 1 } 94 95ciscoCommonRolesExtMIBConformance OBJECT IDENTIFIER 96 ::= { ciscoCommonRolesExtMIB 2 } 97 98ccreInfo OBJECT IDENTIFIER 99 ::= { ciscoCommonRolesExtMIBObjects 1 } 100 101ccreRoleConfig OBJECT IDENTIFIER 102 ::= { ciscoCommonRolesExtMIBObjects 2 } 103 104ccreRuleConfig OBJECT IDENTIFIER 105 ::= { ciscoCommonRolesExtMIBObjects 3 } 106 107 108-- Textual Conventions 109 110CcreOperation ::= TEXTUAL-CONVENTION 111 STATUS current 112 DESCRIPTION 113 "Privileges allowed for a common role. 114 115 read - Read opeation 116 readWrite - Read-Write operation 117 118 Note that if a privilege is not supported by an access 119 method, then it does not apply to that access method. 120 121 There privileges are not related to the privileges 122 defined in 'CommonRoleOperation'" 123 SYNTAX INTEGER { 124 read(1), 125 readWrite(2) 126 } 127 128CcreResourceAccess ::= TEXTUAL-CONVENTION 129 STATUS current 130 DESCRIPTION 131 "A User can be restricted from accessing resources, in 132 addition to being restricted from performing certain 133 operations. 134 135 For e.g. a user assigned a role can be restricted from 136 accessing all VLANs configured on the device except VLAN 137 1 and 4, or a user can be allowed to access all VSANs 138 configured on the device except VSAN 5 and 10, or a User 139 can be allowed to access Interface 1, 5, 10, 15 and 20 140 and restricted from accessing all other interfaces. 141 142 This Bit mask lists the types of resources to which user 143 access can be controlled. 144 145 vsan(0) 146 Bit value of 0 indicates that the user has access 147 to no VSANs. However a user can be selectively 148 assigned access to VSANs and each such accessible 149 VSAN will have an entry in the 'ccreRoleScopeTable'. 150 Bit value of 1 indicates that the user has access 151 to all VSANs. In this case there are no VSAN entries 152 in the 'ccreRoleScopeTable'. Setting the bit to 1 153 results in deletion of all VSAN entries from the 154 ccreRoleScopeTable, for the role identified by 155 'ccreRoleName'. 156 157 vlan(1) 158 Bit value of 0 indicates that the user has access 159 to no VLANs. However a user can be selectively 160 assigned access to VLANs and each such accessible 161 VLAN will have an entry in the 'ccreRoleScopeTable'. 162 Bit value of 1 indicates that the user has access 163 to all VLANs. In this case there are no VLAN entries 164 in the 'ccreRoleScopeTable'. Setting the bit to 1 165 results in deletion of all VLAN entries from the 166 ccreRoleScopeTable, for the role identified by 167 'ccreRoleName'. 168 169 interface(2) 170 Bit value of 0 indicates that the user has access 171 to no interfaces. However a user can be selectively 172 assigned access to interfaces and each such accessible 173 interface will have an entry in the 'ccreRoleScopeTable'. 174 Bit value of 1 indicates that the user has access 175 to all interfaces. In this case there are no interface 176 entries in the 'ccreRoleScopeTable'. Setting the bit to 1 177 results in deletion of all interface entries from the 178 ccreRoleScopeTable, for the role identified by 179 'ccreRoleName'." 180 SYNTAX BITS { 181 vsan(0), 182 vlan(1), 183 interface(2) 184 } 185-- ccreFeatureElementTable 186 187ccreFeatureElementTable OBJECT-TYPE 188 SYNTAX SEQUENCE OF CcreFeatureElementEntry 189 MAX-ACCESS not-accessible 190 STATUS current 191 DESCRIPTION 192 "This table lists all the features and feature groups 193 configured on a device. 194 195 For each feature it lists all the command(s) contained 196 in the feature. 197 198 For each feature groups it lists all the features 199 contained in the group. 200 201 A feature element is either a feature or a feature 202 group. 203 204 A device may have some predefined features which may 205 not be editable by a user. In addition, a device may 206 allow a user to define new feature group. 207 208 A device implementing this MIB need not implement the 209 objects that form a conceptual row in the 210 'commonRolesFeatureTable' table defined in the 211 CISCO-COMMON-ROLES MIB. 212 213 The entries in this table are persistent across device 214 reboots." 215 ::= { ccreInfo 1 } 216 217ccreFeatureElementEntry OBJECT-TYPE 218 SYNTAX CcreFeatureElementEntry 219 MAX-ACCESS not-accessible 220 STATUS current 221 DESCRIPTION 222 "An entry (conceptual row) in the ccreFeatureElementTable. 223 224 Each row in this table represents an element (command 225 or a feature) contained in a feature or a feature group. 226 227 For example a 'radius' feature that contains three 228 commands - 'radius-server', 'radius-cfs' and 229 'aaa group server radius', this table 230 will have three entries, one each for the three 231 commands. 232 233 ccreFeatureName ccreFeatureIndex ccreFeatureElementName 234 'radius' 1 'radius-server' 235 'radius' 2 'radius-cfs' 236 'radius' 3 'aaa group server radius' 237 'arp' 1 'show arp' 238 'arp' 2 'clear ip arp'" 239 INDEX { 240 ccreFeatureName, 241 ccreFeatureElementIndex 242 } 243 ::= { ccreFeatureElementTable 1 } 244 245CcreFeatureElementEntry ::= SEQUENCE { 246 ccreFeatureName SnmpAdminString, 247 ccreFeatureElementIndex Unsigned32, 248 ccreFeatureElementName SnmpAdminString, 249 ccreFeatureElementType INTEGER , 250 ccreFeatureRowStatus RowStatus 251} 252 253ccreFeatureName OBJECT-TYPE 254 SYNTAX SnmpAdminString (SIZE (1..32)) 255 MAX-ACCESS not-accessible 256 STATUS current 257 DESCRIPTION 258 "Identifies the feature or the feature group for which 259 this entry represents an element. 260 261 This object is the same as the commonRoleFeatureName." 262 ::= { ccreFeatureElementEntry 1 } 263 264ccreFeatureElementIndex OBJECT-TYPE 265 SYNTAX Unsigned32 (1..4294967295 ) 266 MAX-ACCESS not-accessible 267 STATUS current 268 DESCRIPTION 269 "An index value for this element which uniquely 270 distinguishes it from all other elements of same 271 feature." 272 ::= { ccreFeatureElementEntry 2 } 273 274ccreFeatureElementName OBJECT-TYPE 275 SYNTAX SnmpAdminString (SIZE (1..32)) 276 MAX-ACCESS read-create 277 STATUS current 278 DESCRIPTION 279 "Name of the feature element represented by this row." 280 ::= { ccreFeatureElementEntry 3 } 281 282ccreFeatureElementType OBJECT-TYPE 283 SYNTAX INTEGER { 284 command(1), 285 feature(2), 286 none(3) 287 } 288 MAX-ACCESS read-create 289 STATUS current 290 DESCRIPTION 291 "An indication of the type of element represented by 292 this row. 293 294 When this field has the value 'command', this row 295 represents a command name. 296 297 When this field has the value 'feature', this row 298 represents a feature name. 299 300 This field must have the value 'none' when a 301 feature could not otherwise be represented in this 302 table because the feature does not yet have any 303 elements defined for it. When features are added to 304 an empty feature-group, the row with element type 305 'none' is still maintained in this table. Deleting this 306 row (with type as 'none') will delete the feature group 307 and all other rows representing relationship between 308 this feature group and its members. 309 310 A feature should have at least one element, whereas a 311 feature-group may have zero or more entries. 312 313 All entries in this table are persistent across device 314 reboots" 315 ::= { ccreFeatureElementEntry 4 } 316 317ccreFeatureRowStatus OBJECT-TYPE 318 SYNTAX RowStatus 319 MAX-ACCESS read-create 320 STATUS current 321 DESCRIPTION 322 "Status of this row." 323 ::= { ccreFeatureElementEntry 5 } 324 325 326-- ccreRoleTable 327 328ccreRoleTable OBJECT-TYPE 329 SYNTAX SEQUENCE OF CcreRoleEntry 330 MAX-ACCESS not-accessible 331 STATUS current 332 DESCRIPTION 333 "This table lists all the common roles configured on this 334 device. Common roles are the user roles which are common 335 across SNMP and CLI. 336 337 A device implementing this MIB need not implement the 338 objects that form a conceptual row in the 339 'commonRoleTable' defined in the CISCO-COMMON-ROLES MIB. 340 341 This table and the 'commonRoleTable' table both have 342 one entry per Role defined on the device. However unlike 343 the 'commonRoleTable', this table does not contain any 344 scope restriction information. The scope restriction 345 information instead is contained in the 346 'ccreRoleScopeTable' Table. 347 348 If a device implements this this table along with 349 'commonRoleTable' a row existing in 350 'commonRoleTable' should also exist in this table and 351 vice versa. 352 353 All entries in this table are persistent across device 354 reboots." 355 ::= { ccreRoleConfig 2 } 356 357ccreRoleEntry OBJECT-TYPE 358 SYNTAX CcreRoleEntry 359 MAX-ACCESS not-accessible 360 STATUS current 361 DESCRIPTION 362 "An entry (conceptual row) in the ccreRoleTable. 363 One entry per role defined on the device." 364 INDEX { ccreRoleName } 365 ::= { ccreRoleTable 1 } 366 367CcreRoleEntry ::= SEQUENCE { 368 ccreRoleName SnmpAdminString, 369 ccreRoleDescription SnmpAdminString, 370 ccreRoleResourceAccess CcreResourceAccess, 371 ccreRoleRowStatus RowStatus 372} 373 374ccreRoleName OBJECT-TYPE 375 SYNTAX SnmpAdminString (SIZE (1..16)) 376 MAX-ACCESS not-accessible 377 STATUS current 378 DESCRIPTION 379 "Name of the common role. This is same as 380 commonRoleName." 381 ::= { ccreRoleEntry 1 } 382 383ccreRoleDescription OBJECT-TYPE 384 SYNTAX SnmpAdminString (SIZE (0..64)) 385 MAX-ACCESS read-create 386 STATUS current 387 DESCRIPTION 388 "Description of the common role. This is same as 389 commonRoleDescription." 390 ::= { ccreRoleEntry 2 } 391 392ccreRoleResourceAccess OBJECT-TYPE 393 SYNTAX CcreResourceAccess 394 MAX-ACCESS read-create 395 STATUS current 396 DESCRIPTION 397 "Defines the default access to the resources to which 398 access can be controlled. 399 400 vsan(0) 401 Bit value of 0 indicates that the user has access 402 to no VSANs. However a user can be selectively 403 assigned access to VSANs and each such accessible 404 VSAN will have an entry in the 'ccreRoleScopeTable'. 405 Bit value of 1 indicates that the user has access 406 to all VSANs. In this case there are no VSAN entries 407 in the 'ccreRoleScopeTable'. Setting the bit to 1 408 results in deletion of all VSAN entries from the 409 ccreRoleScopeTable, for the role identified by 410 'ccreRoleName'. 411 412 vlan(1) 413 Bit value of 0 indicates that the user has access 414 to no VLANs. However a user can be selectively 415 assigned access to VLANs and each such accessible 416 VLAN will have an entry in the 'ccreRoleScopeTable'. 417 Bit value of 1 indicates that the user has access 418 to all VLANs. In this case there are no VLAN entries 419 in the 'ccreRoleScopeTable'. Setting the bit to 1 420 results in deletion of all VLAN entries from the 421 ccreRoleScopeTable, for the role identified by 422 'ccreRoleName'. 423 424 interface(2) 425 Bit value of 0 indicates that the user has access 426 to no Interfaces. However a user can be selectively 427 assigned access to interfaces and each such accessible 428 interface will have an entry in the 'ccreRoleScopeTable'. 429 Bit value of 1 indicates that the user has access 430 to all interfaces. In this case there are no interface 431 entries in the 'ccreRoleScopeTable'. Setting the bit to 1 432 results in deletion of all interface entries from the 433 ccreRoleScopeTable, for the role identified by 434 'ccreRoleName'. 435 436 For example a role which has access to all VSANs, 437 all VLANs and no Interface will have this field set 438 as 439 - - - 440 |0|1|1| 441 - - -" 442 ::= { ccreRoleEntry 3 } 443 444ccreRoleRowStatus OBJECT-TYPE 445 SYNTAX RowStatus 446 MAX-ACCESS read-create 447 STATUS current 448 DESCRIPTION 449 "Status of this role." 450 ::= { ccreRoleEntry 4 } 451 452 453-- ccreRoleScopeTable 454 455ccreRoleScopeTable OBJECT-TYPE 456 SYNTAX SEQUENCE OF CcreRoleScopeEntry 457 MAX-ACCESS not-accessible 458 STATUS current 459 DESCRIPTION 460 "This table lists the resources to which a user belonging 461 to a role can access. 462 463 A role may be restricted from accessing various 464 resources of a device. This table lists the resources 465 that a role can access. 466 467 If for a role there is no entry in this table, then 468 restriction, if any, is determined by the 469 ccrePermitAllPolicies object in the ccreRoleTable. 470 471 Each resource (VSAN, VLAN or Interface) to which a role 472 has access to, has a separate entry in the table. 473 For e.g. if a role has access to VLAN 1, 2, 6 and 7; 474 VSAN 2, 5 and 8 and interface 2/1 and 2/3, this table 475 will have 9 entries, 4 for VSANs, 3 for VLANs and 2 for 476 Interfaces. 477 478 Entries in this table can be created/deleted using 479 ccreRoleScopeRowStatus. 480 481 The table provides the same information as 482 'commonRoleScopeRestriction', 'commonRoleScope1' and 483 'commonRoleScope2' but in a different way. 484 485 The object 'commonRoleScope1' and 'commonRoleScope2' 486 are 256*8 bit mask with each bit representing a VLAN. 487 'commonRoleScope1' identifies VLANS 1 to 2048 whereas 488 'commonRoleScope2' identifies VLANS 2049 to 4096. 489 490 In this table, there is a separate entry for each VSAN, 491 along with separate entry for each VLAN and Interface 492 to which a role has access. The purpose of this table 493 is to remove the limit of 4096 that are supported by 494 'commonRoleTable'. 495 496 All entries in this table are persistent across device 497 reboots" 498 ::= { ccreRoleConfig 3 } 499 500ccreRoleScopeEntry OBJECT-TYPE 501 SYNTAX CcreRoleScopeEntry 502 MAX-ACCESS not-accessible 503 STATUS current 504 DESCRIPTION 505 "An entry (conceptual row) in the ccreRoleScopeTable. 506 507 There is one entry for each different scope value of a 508 Role. If a Role 'R1' is defined to have scope on 509 VSAN-1, VSAN-2, VLAN-1, VLAN#, Interface fc1/1 and 510 fc1/2, then there will be six entries for role 'R1' in 511 this table, one each for VSAN-1, VSAN2, VLAN-1, VLAN-1, 512 fc1/1 and fc1/2." 513 INDEX { 514 ccreRoleName, 515 ccreRoleScopeIndex 516 } 517 ::= { ccreRoleScopeTable 1 } 518 519CcreRoleScopeEntry ::= SEQUENCE { 520 ccreRoleScopeIndex Unsigned32, 521 ccreRoleScopeRestriction INTEGER , 522 ccreRoleScopeValue Integer32, 523 ccreRoleScopeRowStatus RowStatus 524} 525 526ccreRoleScopeIndex OBJECT-TYPE 527 SYNTAX Unsigned32 (1..4294967295 ) 528 MAX-ACCESS not-accessible 529 STATUS current 530 DESCRIPTION 531 "An index value for this entry which uniquely 532 distinguishes it from all other entries for same 533 Role." 534 ::= { ccreRoleScopeEntry 1 } 535 536ccreRoleScopeRestriction OBJECT-TYPE 537 SYNTAX INTEGER { 538 vsan(1), 539 vlan(2), 540 interface(3) 541 } 542 MAX-ACCESS read-create 543 STATUS current 544 DESCRIPTION 545 "This object indicates the type of the scope restriction 546 about which the information is provided by row." 547 ::= { ccreRoleScopeEntry 2 } 548 549ccreRoleScopeValue OBJECT-TYPE 550 SYNTAX Integer32 (1..2147483647 ) 551 MAX-ACCESS read-create 552 STATUS current 553 DESCRIPTION 554 "This object identifies the resource this role 555 can access. 556 557 If the value of 'ccreRoleScopeRestriction' is 'vsan' 558 or 'vlan', this object specifies the Id (which is 559 a number) of the VSAN/VLAN. 560 561 If the value of 'ccreRoleScopeRestriction' is 562 'interface', this object specifies the IfIndex 563 of the interface." 564 ::= { ccreRoleScopeEntry 3 } 565 566ccreRoleScopeRowStatus OBJECT-TYPE 567 SYNTAX RowStatus 568 MAX-ACCESS read-create 569 STATUS current 570 DESCRIPTION 571 "Status of this scope restriction entry." 572 ::= { ccreRoleScopeEntry 4 } 573 574 575-- ccreRuleTable 576 577ccreRuleTable OBJECT-TYPE 578 SYNTAX SEQUENCE OF CcreRuleEntry 579 MAX-ACCESS not-accessible 580 STATUS current 581 DESCRIPTION 582 "This table lists all the rules configured for roles 583 defined in the ccreRoleTable. Each rule defines the 584 access (permit/deny) allowed to a particular command, 585 feature or a feature group. 586 587 Entries in this table are also created/deleted using 588 ccreRuleRowStatus. 589 590 A row in this table cannot be made 'active' until a 591 value is explicitly provided for that row's instances 592 of following objects : 593 - ccreRuleOperation 594 595 If ccreRuleFeatureElementName is a command, 596 then 597 - ccreRuleOperation is not needed to be set 598 599 A device implementing this MIB need not implement the 600 objects that form a conceptual row in the 601 'commonRuleRoleTable' table, which is defined in the 602 CISCO-COMMON-ROLES-MIB. 603 604 There is no relation between the rows in 605 'commonRuleRoleTable' and this table as both define 606 different operation types. Each table can have rows 607 with no corresponding rows in other table. 608 609 All entries in this table are persistent across device 610 reboots" 611 ::= { ccreRuleConfig 2 } 612 613ccreRuleEntry OBJECT-TYPE 614 SYNTAX CcreRuleEntry 615 MAX-ACCESS not-accessible 616 STATUS current 617 DESCRIPTION 618 "An entry (conceptual row) in the ccreRuleRuleTable. 619 620 There is one entry for each Rule contained in a Role. 621 For eg. if a Role 'R1' has 6 rules, there will be 622 six entries for Role 'R1'." 623 INDEX { 624 ccreRoleName, 625 ccreRuleNumber 626 } 627 ::= { ccreRuleTable 1 } 628 629CcreRuleEntry ::= SEQUENCE { 630 ccreRuleNumber Unsigned32, 631 ccreRuleFeatureElementName SnmpAdminString, 632 ccreRuleFeatureElementType INTEGER , 633 ccreRuleOperation CcreOperation, 634 ccreRuleOperationPermitted TruthValue, 635 ccreRuleRowStatus RowStatus 636} 637 638ccreRuleNumber OBJECT-TYPE 639 SYNTAX Unsigned32 (1..256) 640 MAX-ACCESS not-accessible 641 STATUS current 642 DESCRIPTION 643 "A unique index for a rule in a particular role. 644 The rule are applied according to their rule 645 number, i.e. Rule 1 will be the first rule applied 646 followed by Rule 2 and so on. 647 648 Rule numbers need not be contiguous, for e.g. a Role 649 can have three rule numbered 1, 4 & 7. Further when 650 a new rule is added to this Role it can be rule number 651 2 or 5 or 9 (any number other than 1, 4 and 7)." 652 ::= { ccreRuleEntry 1 } 653 654ccreRuleFeatureElementName OBJECT-TYPE 655 SYNTAX SnmpAdminString (SIZE (0..32)) 656 MAX-ACCESS read-create 657 STATUS current 658 DESCRIPTION 659 "Name of the command or feature or feature group. 660 If this is a zero-length string, then this rule applies 661 to all the features supported on the device as 662 enumerated in commonRoleFeatureTable." 663 DEFVAL { ''H } 664 ::= { ccreRuleEntry 2 } 665 666ccreRuleFeatureElementType OBJECT-TYPE 667 SYNTAX INTEGER { 668 command(1), 669 feature(2), 670 featureGroup(3), 671 all(4) 672 } 673 MAX-ACCESS read-create 674 STATUS current 675 DESCRIPTION 676 "Specifies the type of entry (command or feature or 677 feature group) as specified by the object 678 ccreRuleFeatureElementName" 679 ::= { ccreRuleEntry 3 } 680 681ccreRuleOperation OBJECT-TYPE 682 SYNTAX CcreOperation 683 MAX-ACCESS read-create 684 STATUS current 685 DESCRIPTION 686 "The operation for this rule." 687 ::= { ccreRuleEntry 4 } 688 689ccreRuleOperationPermitted OBJECT-TYPE 690 SYNTAX TruthValue 691 MAX-ACCESS read-create 692 STATUS current 693 DESCRIPTION 694 "This object tells if the operation 695 `ccreRuleOperation' is permitted or denied. 696 The operation is permitted if 697 the value of this object is `true'. 698 If the value of the object is 'false', the operation is 699 not permitted." 700 DEFVAL { true } 701 ::= { ccreRuleEntry 5 } 702 703ccreRuleRowStatus OBJECT-TYPE 704 SYNTAX RowStatus 705 MAX-ACCESS read-create 706 STATUS current 707 DESCRIPTION 708 "Status of this rule." 709 ::= { ccreRuleEntry 6 } 710 711 712-- Conformance 713 714ccreMIBCompliances OBJECT IDENTIFIER 715 ::= { ciscoCommonRolesExtMIBConformance 1 } 716 717ccreMIBGroups OBJECT IDENTIFIER 718 ::= { ciscoCommonRolesExtMIBConformance 2 } 719 720 721ccreMIBCompliance MODULE-COMPLIANCE 722 STATUS current 723 DESCRIPTION 724 "The compliance statement for entities which 725 implement the CISCO-COMMON-ROLES-EXT-MIB." 726 MODULE -- this module 727 MANDATORY-GROUPS { ccreConfigurationGroup } 728 729 OBJECT ccreFeatureElementName 730 MIN-ACCESS read-only 731 DESCRIPTION 732 "Support for write/create access is not required." 733 734 OBJECT ccreFeatureElementType 735 MIN-ACCESS read-only 736 DESCRIPTION 737 "Support for write/create access is not required." 738 739 OBJECT ccreFeatureRowStatus 740 MIN-ACCESS read-only 741 DESCRIPTION 742 "Support for write/create access is not required." 743 744 OBJECT ccreRoleDescription 745 MIN-ACCESS read-only 746 DESCRIPTION 747 "Support for write/create access is not required." 748 749 OBJECT ccreRoleResourceAccess 750 MIN-ACCESS read-only 751 DESCRIPTION 752 "Support for write/create access is not required." 753 754 OBJECT ccreRoleRowStatus 755 MIN-ACCESS read-only 756 DESCRIPTION 757 "Support for write/create access is not required." 758 759 OBJECT ccreRoleScopeRestriction 760 MIN-ACCESS read-only 761 DESCRIPTION 762 "Support for write/create access is not required." 763 764 OBJECT ccreRoleScopeValue 765 MIN-ACCESS read-only 766 DESCRIPTION 767 "Support for write/create access is not required." 768 769 OBJECT ccreRoleScopeRowStatus 770 MIN-ACCESS read-only 771 DESCRIPTION 772 "Support for write/create access is not required." 773 774 OBJECT ccreRuleFeatureElementName 775 MIN-ACCESS read-only 776 DESCRIPTION 777 "Support for write/create access is not required." 778 779 OBJECT ccreRuleFeatureElementType 780 MIN-ACCESS read-only 781 DESCRIPTION 782 "Support for write/create access is not required." 783 784 OBJECT ccreRuleOperation 785 MIN-ACCESS read-only 786 DESCRIPTION 787 "Support for write/create access is not required." 788 789 OBJECT ccreRuleOperationPermitted 790 MIN-ACCESS read-only 791 DESCRIPTION 792 "Support for write/create access is not required." 793 794 OBJECT ccreRuleRowStatus 795 MIN-ACCESS read-only 796 DESCRIPTION 797 "Support for write/create access is not required." 798 799 MODULE CISCO-COMMON-ROLES-MIB 800 MANDATORY-GROUPS { ccrmConfigurationExtGroup } 801 802 OBJECT commonRoleSupportedOperation 803 SYNTAX BITS { 804 read(5), 805 readWrite(6) 806 } 807 DESCRIPTION 808 "Only 'read', 'readWrite' need to be supported." 809 ::= { ccreMIBCompliances 1 } 810 811-- Units of Conformance 812 813ccreConfigurationGroup OBJECT-GROUP 814 OBJECTS { 815 ccreFeatureElementName, 816 ccreFeatureElementType, 817 ccreFeatureRowStatus, 818 ccreRoleDescription, 819 ccreRoleResourceAccess, 820 ccreRoleRowStatus, 821 ccreRoleScopeRestriction, 822 ccreRoleScopeValue, 823 ccreRoleScopeRowStatus, 824 ccreRuleFeatureElementName, 825 ccreRuleFeatureElementType, 826 ccreRuleOperation, 827 ccreRuleOperationPermitted, 828 ccreRuleRowStatus 829 } 830 STATUS current 831 DESCRIPTION 832 "A collection of objects for Common Roles 833 Extention configuration." 834 ::= { ccreMIBGroups 1 } 835 836END 837 838