g+
g+ Communities
Argonne National Laboratory

Experimental Physics and
Industrial Control System

1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  <20062007  2008  2009  2010  2011  2012  2013  2014  Index 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  <20062007  2008  2009  2010  2011  2012  2013  2014 
<== Date ==> <== Thread ==>

Subject: EPICS CA security with the motorRecord?
From: "Ernest L. Williams Jr." <ernesto@ornl.gov>
To: "Ronald L. Sluiter" <sluiter@aps.anl.gov>
Cc: EPICS tech-talk <tech-talk@aps.anl.gov>, Mark Rivers <rivers@cars.uchicago.edu>, ernesto@ornl.gov
Date: Thu, 12 Jan 2006 18:16:56 -0500
Hi,

We are getting deeper into the use of EPICS CA
security as part of accelerator operations.  

Can a change be made to the motorRecord.dbd in the next release of the
motorRecord software to follow the CA security level convention of the
other records found in EPICS BASE? (i.e. ASL0 and ASL1)

How do others in the EPICS community use CA security with the
motorRecord software?


What is the philosophy on Channel Access Security with the motorRecord?

Here is what we see in motorRecord.dbd:
=========================================================================
 asl(ASL0)  --- Freeze Offset  (FOF)
 asl(ASL0)  --- Variable Offset (VOF)
 asl(ASL0)  --- Set SET Mode    (SSET)
 asl(ASL0)  --- Set USE Mode   (SUSE) 
 asl(ASL0)  --- Base Velocity <EGU/s>  (VBAS)
 asl(ASL0)  --- Max. Velocity <EGU/s>   (VMAX)
 asl(ASL0)  --- Base Speed <RPS>   (SBAS)  
 asl(ASL0)  --- Max. Speed <RPS>  (SMAX)
 asl(ASL0)  --- EGU's per Revolution  (UREV)
 asl(ASL0)  --- Motor Step Size <EGU>  (MRES)
==========================================================================

This means that all other fields are security level 1.  The only ones
that we expect to be security level 0 are the (VAL) and (DVAL) field,
hmmm?  The operators should be able to move and tweak the motors at the
ASL0 level.  If the idea is to have the non-experts modify a field such
as MRES then what about ERES?.  Also, the way it is now only the expert
can move the motor but the non-experts can change the calibration.


Here is what the CA security section of the "EPICS App Dev. Guide"
states:
============================================================================
Permission for a level 1 field implies permission for level 0 fields.
The permissions are NONE, READ, and WRITE. WRITE permission implies READ
permission. The standard EPICS record types have all fields set to level
1 except for VAL, CMD (command), and RES (reset).
============================================================================

We use CA security heavily here and the other output record types
follows the scheme as stated in the CA security section of the App
Developer's Guide



Thanks,
Ernest L. Williams Jr.
SNS Control Systems Group
ORNL




Replies:
Re: EPICS CA security with the motorRecord? Martin L. Smith

Navigate by Date:
Prev: RE: orderly shutdown Jeff Hill
Next: Re: About: timeout handler of epicsTimer Andrew Johnson
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  <20062007  2008  2009  2010  2011  2012  2013  2014 
Navigate by Thread:
Prev: RE: vxStats Gurd, Pamela A.
Next: Re: EPICS CA security with the motorRecord? Martin L. Smith
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  <20062007  2008  2009  2010  2011  2012  2013  2014 
ANJ, 02 Sep 2010 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· EPICSv4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·