Hi Pierrick,
On 2011-12-21 Pierrick Hanlet wrote:
>
> When using caInfo on a record, one piece of infomation displayed is
> read/write access to the record. What are the different means of
> setting this read/write access? Can a network firewall setting affect
> this value, or is it strictly controlled by epics?
Whether a PV is readable or writable is controlled by the CA server that
provides the PV, and can depend on the client's host and/or login name as well
as other state known to the server. For an IOC the permissions are controlled
by any Access Security (AS) rules loaded by that IOC, as documented in chapter
8 of the Application Developers' Guide. If the IOC doesn't load an access
security configuration file no access restrictions are enforced so any client
gets full read+write access to every record field.
AS rules can be used to make individual PVs read-write, read-only, write-only
(!) or not accessible at all, but they can't make them invisible. Note that I
am using the term PV here instead of record, since different rules can apply
to the VAL field of most record types than to the other fields. The record
type defines an Access Security Level (ASL) of 0 or 1 for each field in the
record, and the rules can apply to either ASL0 fields (usually .VAL only) or
to both ASL1 and ASL0 (all fields).
The PV Gateway also uses the same access security implementation and rules
file syntax as the IOC, but it doesn't give as fine control as rules on the
IOC do.
Network firewalls cannot change read/write access permissions, they can only
block or allow CA traffic as a whole. However you can run a PV Gateway in
parallel with a firewall to make PVs visible from outside the machine network;
the APS uses that to make our operational PVs visible (but read-only) to
machines on our general office networks.
HTH,
- Andrew
--
Optimization is the process of taking something that works and
replacing it with something that almost works, but costs less.
-- Roger Needham
- References:
- cainfo and access Pierrick Hanlet
- Navigate by Date:
- Prev:
cainfo and access Pierrick Hanlet
- Next:
Re: cainfo and access Geoff Savage
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
<2011>
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
- Navigate by Thread:
- Prev:
cainfo and access Pierrick Hanlet
- Next:
Re: cainfo and access Geoff Savage
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
<2011>
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
|