Hi,
We are getting deeper into the use of EPICS CA
security as part of accelerator operations.
Can a change be made to the motorRecord.dbd in the next release of the
motorRecord software to follow the CA security level convention of the
other records found in EPICS BASE? (i.e. ASL0 and ASL1)
How do others in the EPICS community use CA security with the
motorRecord software?
What is the philosophy on Channel Access Security with the motorRecord?
Here is what we see in motorRecord.dbd:
=========================================================================
asl(ASL0) --- Freeze Offset (FOF)
asl(ASL0) --- Variable Offset (VOF)
asl(ASL0) --- Set SET Mode (SSET)
asl(ASL0) --- Set USE Mode (SUSE)
asl(ASL0) --- Base Velocity <EGU/s> (VBAS)
asl(ASL0) --- Max. Velocity <EGU/s> (VMAX)
asl(ASL0) --- Base Speed <RPS> (SBAS)
asl(ASL0) --- Max. Speed <RPS> (SMAX)
asl(ASL0) --- EGU's per Revolution (UREV)
asl(ASL0) --- Motor Step Size <EGU> (MRES)
==========================================================================
This means that all other fields are security level 1. The only ones
that we expect to be security level 0 are the (VAL) and (DVAL) field,
hmmm? The operators should be able to move and tweak the motors at the
ASL0 level. If the idea is to have the non-experts modify a field such
as MRES then what about ERES?. Also, the way it is now only the expert
can move the motor but the non-experts can change the calibration.
Here is what the CA security section of the "EPICS App Dev. Guide"
states:
============================================================================
Permission for a level 1 field implies permission for level 0 fields.
The permissions are NONE, READ, and WRITE. WRITE permission implies READ
permission. The standard EPICS record types have all fields set to level
1 except for VAL, CMD (command), and RES (reset).
============================================================================
We use CA security heavily here and the other output record types
follows the scheme as stated in the CA security section of the App
Developer's Guide
Thanks,
Ernest L. Williams Jr.
SNS Control Systems Group
ORNL
- Replies:
- Re: EPICS CA security with the motorRecord? Martin L. Smith
- Navigate by Date:
- Prev:
RE: orderly shutdown Jeff Hill
- Next:
Re: About: timeout handler of epicsTimer Andrew Johnson
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
<2006>
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
- Navigate by Thread:
- Prev:
RE: vxStats Gurd, Pamela A.
- Next:
Re: EPICS CA security with the motorRecord? Martin L. Smith
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
<2006>
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
|