2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 <2024> | Index | 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 <2024> |
<== Date ==> | <== Thread ==> |
---|
Subject: | Re: separate ca/pva ports for r/w and r/o access? |
From: | "Johnson, Andrew N. via Core-talk" <core-talk at aps.anl.gov> |
To: | Zimoch Dirk <dirk.zimoch at psi.ch>, "core-talk at aps.anl.gov" <core-talk at aps.anl.gov> |
Date: | Fri, 26 Jan 2024 18:37:52 +0000 |
The IOC servers can't do what you're trying, any port they accept connections through will be r/w unless you configure Access Security for the clients, in which case you don't need the second port. Michael
added IP address support to the access security system fairly recently (I forget if you have to turn it on though), so if you know what all the IP addresses or DNA names are of one or the other client groups (r/w or r/o) you can just set up an access security
file with a HAG containing just those addresses. I forget whether it allows for subnet addresses. However, that only works for IOCs recent-enough versions of Base. It would be relatively easy to run separate CA (and PVA) gateways on a other ports to provide read-only access; this would work for all EPICS versions. - Andrew -- Complexity comes for free, Simplicity you have to work for. |