In one aspect, a message is received requesting access to a set of managed objects associated with a network device. A set of object instances associated with the objects is retrieved, with their associated values. A set of access configuration commands represent an access policy associated with the requester. The access policy specifies restricted values associated with an object instance and includes instructions regarding whether to permit or deny access to the object instance when the object instance contains a specified restricted value. The current value of the object instance is compared to the specified restricted values, and access is controlled based on the access policy. Significantly, value-based access to management information is provided. In an embodiment, the set of commands further specify operator and restricted value combinations associated with the object instance, which are compared with the current value to determine whether it meets the state of one of the combinations, and access is permitted or denied accordingly.