[AGENT++] How to block V1 or V2 access to the VACM tables

Fedja Jeleskovic mrawd2 at gmail.com
Tue May 24 19:31:04 CEST 2005 

So basically I would need to call addNewView twice (at least) in order to
block the access to some of the branches and allow access to the others?
Right?

Does this example looks correct in this case:
        vacm->addNewView("v1v2RestrictedView", "1.3.6", "", view_included,
storageType_nonVolatile);

        vacm->addNewView("v1v2RestrictedView", "1.3.6.1.6", "",
view_excluded, storageType_nonVolatile);

Would this give me the access to everything below the "1.3.6" except for the
"1.3.6.1.6"?

Thanks


Fedja



> Hi,
>
> did you see the view_exluded option to vacm->addNewView? It seems that I
> have to add some doxygen comments to the vacm class... The VACM is only
> documented through the example code.
>
> You have two options:
> - include 1.3.6 and exlude all subtrees that v1/v2 users are not allowed
> to see
> - only include all allowed subtrees.
>
> Regards,
>   Jochen
>
> Fedja Jeleskovic wrote:
> > Hi there!
> >
> > Well, even though I am using a slightly different configuration set
> > for my agent, all of the values are still more or less typical to
> > what is in most of the main() file examples for Groups, Access, and
> > Views. Currently I have all three frameworks enabled. V1 and V2 share
> > the same "public" string for accessing the agent, while V3 setting
> > has couple of users with different privileges.
> >
> > What I am trying to solve here is about the ability for the V1 and V2
> > users to see VACM tables and get access for the user information
> > reserved for the V3 users only. Right now, I am hoping that by
> > changing the subtree ID for the V1 and V2 View entries for the read,
> > write, and notify views from the currently "1.3" or "1.3.6" to
> > "1.3.6.1.4.1.4551" will solve my problem and allow access only to
> > this branch and branches below it.
> >
> > But even if this works I will loose access to the mib2 branch and
> > some other branches that might be useful for V1 and V2 users too. So,
> > is there a way to block the V1 and V2 users from accessing the V3
> > information and still give them access to the other things?

More information about the AGENTPP mailing list