Access control modes
SNMP uses the following modes to control access to MIB objects:
View-based Access Control Model—The VACM mode controls access to MIB objects by assigning MIB views to SNMP communities or users.
Role based access control—The RBAC mode controls access to MIB objects by assigning user roles to SNMP communities or users.
SNMP communities or users with predefined user role network-admin or level-15 have read and write access to all MIB objects.
SNMP communities or users with predefined user role network-operator have read-only access to all MIB objects.
SNMP communities or users with a non-predefined user role have user-assigned access rights. To create a non-predefined user role, use the role command. To assign MIB object rights to the user role, use the rule command.
RBAC mode controls access on a per MIB object basis, and VACM mode controls access on a MIB view basis. As a best practice to enhance MIB security, use RBAC mode.
If you create the same SNMP community or user with both modes multiple times, the most recent configuration takes effect. For more information about RBAC, see Fundamentals Command Reference.