On Oct 28, 2020, at 6:27 AM, Ben Franksen via Tech-talk <
tech-talk at aps.anl.gov> wrote:
is there a way to specify that alarm acknowledgement is allowed for all
(or a specified set of) PVs for some user/host combination, without
allowing "normal" write accesses to these PVs?
tl;dr answer: I don’t believe so, not even in the IOC.
The longer answer:
Interesting question, that probably should be supported but there isn’t anything in the Access Security configuration that I know of pertaining to alarm acknowledgement. Global alarm acknowledgement is one feature of EPICS which seems to have
been mostly forgotten about and reimplemented elsewhere (I believe the Phoebus Alarm System does that so I assume the older alarm systems it replaced also had a central acknowledgment database). There are no equivalent features to this in PV Access (that I
know of yet), and we have never even been able to use caput to acknowledge an alarm (although I have the necessary changes for that somewhere).
The problem with trying to add this is that acknowledgement involves doing a ca_put with a special data type, DBR_PUT_ACKS or DBR_PUT_ACKT. I believe you can target an acknowledgement ca_put at any field of the record, so on an IOC this would
be subject to the security rules and level of whichever field you connected to.
I have always wondered why the IOC only supports 2 Access Security levels for the record fields. That area might be suitable for future development – I would want to consider replacing the idea of a level with a set of tags (implemented as a bit-mask),
and allow individual records to put specific fields into specifically tagged rule-sets (we also have the ASG field to play with, but an info field could be used for configuring individual records).
- Andrew
--
Complexity comes for free, simplicity you have to work for.