Experimental Physics and
Industrial Control System

There are several ways, depending on your needs and environment.

You can simply make the display files read-only, or copy them from the location where you edit them into a read-only “production” area.

There’s usually the issue that you want to reach the production displays not only from the control room network but also from offices (using a read-only gateway for the PVs). That can be accomplished by sharing them via NFS/SAMBA/… or via an http:// file server (which by its nature is read-only).

With such read-only files, it’s usually still desirable to include the editor in CSS because that way anybody with some artistic talent can open the files in the editor, improve them, save the new files in some other location (since the production area is read-only) for their own use, or contact the appropriate people to get the improved display file installed into the production area.

If you are convinced that your end users won’t be able to offer any improvements, you can provide them with a crippled version of CSS that doesn’t include the editor. Simply delete the lib/app-display-editor-*.jar from a pre-built binary. Eventually build your own site-specific binaries, see https://github.com/ControlSystemStudio/phoebus/blob/master/phoebus-product/README.md

As for different roles, see https://docs.epics-controls.org/en/latest/specs/AccessSecurity.html