2.3. Existing Access Control in SNMPv3
SNMP relies on the well-known View-based Access Control Model (VACM) to control access to its MIBs. VACM is invoked whenever a message is received or sent from an agent to check the access rights of the receiver of the message.
An access policy is used in VACM to determine the access rights for users or groups. Rights are given as a read-view, a write-view, or a notify-view. The following steps describe the process taken by VACM to enforce an access policy:
1. VACM takes two inputs, the security name and the security model. It then searches the “VacmSecurityToGroupTable” to find a group containing this combination. If the search returns zero rows (this combination does not exist in any group), VACM returns an error indication (NoGroupName).
2. VACM takes the second input, the context name, and checks the VacmAccessTable to determine whether the group found in step 1 has the right to access this context.
3. Then, it takes the securityModel and SecurityLevel to determine whether that group has access to this context at this level of security.
4. After that, it takes the “ViewType” as input to determine whether this group can access this context at this level of security to read, write or notify.
5. The last step is checking whether that group can access this variable, using the “variable name”.
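The five steps above can be traced in code. The following is an added example, not code from the original text or from any SNMP implementation: all table contents, user names and group names are constructed, the status names other than NoGroupName follow RFC 3415, and context matching is exact with view masks omitted.

```python
# Simplified VACM decision following the five steps above.
# All table rows below are constructed sample data.
LEVELS = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}

# (securityModel, securityName) -> groupName
SECURITY_TO_GROUP = {("usm", "alice"): "admins", ("usm", "bob"): "monitors"}

# (groupName, contextName, securityModel) -> minimum level and one view per viewType
ACCESS = {
    ("admins", "", "usm"): {"min_level": "authPriv",
                            "read": "all", "write": "system", "notify": "all"},
    ("monitors", "", "usm"): {"min_level": "authNoPriv",
                              "read": "no-usm", "write": None, "notify": None},
}

# viewName -> list of (subtree OID, included?)
VIEWS = {
    "all": [("1.3.6.1", True)],
    "system": [("1.3.6.1.2.1.1", True)],
    "no-usm": [("1.3.6.1", True), ("1.3.6.1.6.3.15", False)],
}

def oid(text):
    return tuple(int(part) for part in text.split("."))

def in_view(view_name, variable):
    """The longest matching subtree decides; no match means not in view."""
    var, best = oid(variable), None
    for subtree, included in VIEWS[view_name]:
        sub = oid(subtree)
        if var[:len(sub)] == sub and (best is None or len(sub) > best[0]):
            best = (len(sub), included)
    return bool(best and best[1])

def is_access_allowed(sec_model, sec_name, sec_level, view_type, context, variable):
    group = SECURITY_TO_GROUP.get((sec_model, sec_name))      # step 1
    if group is None:
        return "noGroupName"
    entry = ACCESS.get((group, context, sec_model))           # steps 2 and 3
    if entry is None or LEVELS[sec_level] < LEVELS[entry["min_level"]]:
        return "noAccessEntry"
    view = entry[view_type]                                   # step 4
    if view is None:
        return "noSuchView"
    return "accessAllowed" if in_view(view, variable) else "notInView"  # step 5
```

Every failure path denies by default: an unknown user, an insufficient security level, a missing view and an excluded subtree each return a distinct status, which is useful when auditing why a request was rejected.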
