Experimental Physics and
Industrial Control System

I have another record that is able to put values to the motor record
and the motor record is in an access security group such that only the
experts can modify any field of the record.

Of course this is more of a work around but works out well for my
application since multiple motors are being controlled with a single
position entry.

Hi,

We are getting deeper into the use of EPICS CA
security as part of accelerator operations.

Can a change be made to the motorRecord.dbd in the next release of the
motorRecord software to follow the CA security level convention of the
other records found in EPICS BASE? (i.e. ASL0 and ASL1)

How do others in the EPICS community use CA security with the
motorRecord software?

What is the philosophy on Channel Access Security with the motorRecord?

Here is what we see in motorRecord.dbd:
=========================================================================
asl(ASL0) --- Freeze Offset (FOF)
asl(ASL0) --- Variable Offset (VOF)
asl(ASL0) --- Set SET Mode (SSET)
asl(ASL0) --- Set USE Mode (SUSE) asl(ASL0) --- Base Velocity <EGU/s> (VBAS)
asl(ASL0) --- Max. Velocity <EGU/s> (VMAX)
asl(ASL0) --- Base Speed <RPS> (SBAS) asl(ASL0) --- Max. Speed <RPS> (SMAX)
asl(ASL0) --- EGU's per Revolution (UREV)
asl(ASL0) --- Motor Step Size <EGU> (MRES)
==========================================================================

This means that all other fields are security level 1.  The only ones
that we expect to be security level 0 are the (VAL) and (DVAL) field,
hmmm?  The operators should be able to move and tweak the motors at the
ASL0 level.  If the idea is to have the non-experts modify a field such
as MRES then what about ERES?.  Also, the way it is now only the expert
can move the motor but the non-experts can change the calibration.

Here is what the CA security section of the "EPICS App Dev. Guide"
states:
============================================================================
Permission for a level 1 field implies permission for level 0 fields.
The permissions are NONE, READ, and WRITE. WRITE permission implies READ
permission. The standard EPICS record types have all fields set to level
1 except for VAL, CMD (command), and RES (reset).
============================================================================

We use CA security heavily here and the other output record types
follows the scheme as stated in the CA security section of the App
Developer's Guide

Thanks,
Ernest L. Williams Jr.
SNS Control Systems Group
ORNL

References:

EPICS CA security with the motorRecord? Ernest L. Williams Jr.

Navigate by Date:

Prev: Using Async driver in linux to sent UDP broadcast message Bruins, Stefan

Next: GPIB Support for 3.13.x Benjamin Franksen

Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  <2006>  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 

Navigate by Thread:

Prev: EPICS CA security with the motorRecord? Ernest L. Williams Jr.

Next: Using Async driver in linux to sent UDP broadcast message Bruins, Stefan

Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  <2006>  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024