Argonne National Laboratory

Experimental Physics and
Industrial Control System

1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  <20062007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  Index 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  <20062007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017 
<== Date ==> <== Thread ==>

Subject: Re: EPICS CA security with the motorRecord?
From: "Martin L. Smith" <mls@aps.anl.gov>
To: "Ernest L. Williams Jr." <ernesto@ornl.gov>
Cc: "Ronald L. Sluiter" <sluiter@aps.anl.gov>, EPICS tech-talk <tech-talk@aps.anl.gov>, Mark Rivers <rivers@cars.uchicago.edu>
Date: Fri, 13 Jan 2006 06:17:37 -0600
Hi Ernest,

I have another record that is able to put values to the motor record
and the motor record is in an access security group such that only the
experts can modify any field of the record.

Of course this is more of a work around but works out well for my
application since multiple motors are being controlled with a single
position entry.

Marty

Ernest L. Williams Jr. wrote:
Hi,

We are getting deeper into the use of EPICS CA
security as part of accelerator operations.


Can a change be made to the motorRecord.dbd in the next release of the
motorRecord software to follow the CA security level convention of the
other records found in EPICS BASE? (i.e. ASL0 and ASL1)

How do others in the EPICS community use CA security with the
motorRecord software?


What is the philosophy on Channel Access Security with the motorRecord?


Here is what we see in motorRecord.dbd:
=========================================================================
asl(ASL0) --- Freeze Offset (FOF)
asl(ASL0) --- Variable Offset (VOF)
asl(ASL0) --- Set SET Mode (SSET)
asl(ASL0) --- Set USE Mode (SUSE) asl(ASL0) --- Base Velocity <EGU/s> (VBAS)
asl(ASL0) --- Max. Velocity <EGU/s> (VMAX)
asl(ASL0) --- Base Speed <RPS> (SBAS) asl(ASL0) --- Max. Speed <RPS> (SMAX)
asl(ASL0) --- EGU's per Revolution (UREV)
asl(ASL0) --- Motor Step Size <EGU> (MRES)
==========================================================================


This means that all other fields are security level 1.  The only ones
that we expect to be security level 0 are the (VAL) and (DVAL) field,
hmmm?  The operators should be able to move and tweak the motors at the
ASL0 level.  If the idea is to have the non-experts modify a field such
as MRES then what about ERES?.  Also, the way it is now only the expert
can move the motor but the non-experts can change the calibration.


Here is what the CA security section of the "EPICS App Dev. Guide" states: ============================================================================ Permission for a level 1 field implies permission for level 0 fields. The permissions are NONE, READ, and WRITE. WRITE permission implies READ permission. The standard EPICS record types have all fields set to level 1 except for VAL, CMD (command), and RES (reset). ============================================================================

We use CA security heavily here and the other output record types
follows the scheme as stated in the CA security section of the App
Developer's Guide



Thanks,
Ernest L. Williams Jr.
SNS Control Systems Group
ORNL






References:
EPICS CA security with the motorRecord? Ernest L. Williams Jr.

Navigate by Date:
Prev: Using Async driver in linux to sent UDP broadcast message Bruins, Stefan
Next: GPIB Support for 3.13.x Benjamin Franksen
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  <20062007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017 
Navigate by Thread:
Prev: EPICS CA security with the motorRecord? Ernest L. Williams Jr.
Next: Using Async driver in linux to sent UDP broadcast message Bruins, Stefan
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  <20062007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017 
ANJ, 02 Sep 2010 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·