g+
g+ Communities
Argonne National Laboratory

Experimental Physics and
Industrial Control System

1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  <20052006  2007  2008  2009  2010  2011  2012  2013  2014  Index 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  <20052006  2007  2008  2009  2010  2011  2012  2013  2014 
<== Date ==> <== Thread ==>

Subject: write access through ca gateway
From: Jane Richards <richards@triumf.ca>
To: tech-talk@aps.anl.gov
Date: Fri, 21 Jan 2005 16:02:29 -0800
Hi I'm wondering whether I understand the gateway functionality because what I have discovered does not seem to make sense to me.

First of all let me describe my system:

I have access security implemented on all my IOC's, with the vast majority of PV's being the ASG DEFAULT - where access is tightly controlled through the CALC function. On some PV's I have experimenter ASG enabled, and this ASG can be changed through a host-run script when the experiment changes. Since the access security is on the IOC I can be assured that any non-ioc originated channel access write request will obey these rules.

The Gateway Users Guide states under the Access Security section that:
"The Gateway applies access security in addition to any access security that may be implemented in the IOCs... It supplements but cannot override IOC access security."


In order for the gateway to write to an ASG on an IOC, that ASG must have a write rule inserted that specifies the gateway UAG, gateway HAG in the ".acf". I've done this.

I use a gateway.access file that more or less duplicates the ".acf" that is used on the ioc. However, the experimenter using the gateway does not have write access unless I allow the PVs in the gateway.pvlist. I chose a broad match regular expression for an ASG (exptest) in the gateway (specifically - ILE2:.* ALLOW exptest) thinking that if a PV matched that expression BUT did not have an ASG of exptest then the gateway would not write. I was wrong. I found that PV's matching the expression that had ASG DEFAULT could be written by exptest users. This would seem to contradict the User Guide assertion. Have I mis-implemented or mis-understood?



Navigate by Date:
Prev: Re: Drivers for VMIVME-2536 Allan Honey
Next: Re: write access through ca gateway Kenneth Evans, Jr.
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  <20052006  2007  2008  2009  2010  2011  2012  2013  2014 
Navigate by Thread:
Prev: Re: Drivers for VMIVME-2536 Allan Honey
Next: Re: write access through ca gateway Kenneth Evans, Jr.
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  <20052006  2007  2008  2009  2010  2011  2012  2013  2014 
ANJ, 02 Sep 2010 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· EPICSv4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·