Hi,
We are getting deeper into the use of EPICS CA
security as part of accelerator operations.
Can a change be made to the motorRecord.dbd in the next release of the
motorRecord software to follow the CA security level convention of the
other records found in EPICS BASE? (i.e. ASL0 and ASL1)
How do others in the EPICS community use CA security with the
motorRecord software?
What is the philosophy on Channel Access Security with the motorRecord?
Here is what we see in motorRecord.dbd:
=========================================================================
asl(ASL0) --- Freeze Offset (FOF)
asl(ASL0) --- Variable Offset (VOF)
asl(ASL0) --- Set SET Mode (SSET)
asl(ASL0) --- Set USE Mode (SUSE)
asl(ASL0) --- Base Velocity <EGU/s> (VBAS)
asl(ASL0) --- Max. Velocity <EGU/s> (VMAX)
asl(ASL0) --- Base Speed <RPS> (SBAS)
asl(ASL0) --- Max. Speed <RPS> (SMAX)
asl(ASL0) --- EGU's per Revolution (UREV)
asl(ASL0) --- Motor Step Size <EGU> (MRES)
==========================================================================
This means that all other fields are security level 1. The only ones
that we expect to be security level 0 are the (VAL) and (DVAL) field,
hmmm? The operators should be able to move and tweak the motors at the
ASL0 level. If the idea is to have the non-experts modify a field such
as MRES then what about ERES?. Also, the way it is now only the expert
can move the motor but the non-experts can change the calibration.
Here is what the CA security section of the "EPICS App Dev. Guide"
states:
============================================================================
Permission for a level 1 field implies permission for level 0 fields.
The permissions are NONE, READ, and WRITE. WRITE permission implies READ
permission. The standard EPICS record types have all fields set to level
1 except for VAL, CMD (command), and RES (reset).
============================================================================
We use CA security heavily here and the other output record types
follows the scheme as stated in the CA security section of the App
Developer's Guide
Thanks,
Ernest L. Williams Jr.
SNS Control Systems Group
ORNL