On Thu, Nov 02, 2006 at 07:41:13AM -0800, Andy Bierman wrote:
There are 4 components to implementing an isAccessAllowed internal API:
- maximum access that makes protocol sense
- SNMP uses read-create to identify table rows that the NMS
and agent can create, and read-write to identify scalars and
table rows that only the agent can create.
- access requested in the PDU
- identity or the requester (e.g., user name, group name)
- maximum access allowed for the requester (configured on the agent)
The maximum access that makes protocol sense is IMHO not an input to
isAccessAllowed - there is no runtime decision to make. The maximum
access that makes protocol sense is input for the tools that drive
your implementation; there simply is no write method to call for
read-only objects. In the SNMP processing, you return an error before
you ever get to the isAccessAllowed() function if I remember things
well.