EPICS Home EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System

Format page
for printing


Search Tech-talk
1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  <20212022  2023  2024  Index 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  <20212022  2023  2024 
<== Date ==> <== Thread ==>
Subject: Re: Phoebus lock down BOB
From: Tynan Ford via Tech-talk <tech-talk at aps.anl.gov>
To: Stainer Tom <Tom.Stainer at sckcen.be>
Cc: "tech-talk at aps.anl.gov" <tech-talk at aps.anl.gov>
Date: Mon, 29 Mar 2021 09:24:29 -0700
Kay can correct me if I'm wrong, but I think using an authorization file could help "lock" the displays from being able to be edited. I am able to disable right click and edit display with this option.


That documentation is not up to date, but you can see the full file here: https://github.com/ControlSystemStudio/phoebus/blob/master/core/security/src/main/resources/authorization.conf#L50 and you can change the "edit_display = .*" line.

Then in the settings.ini file, you can point to the authorization file: org.phoebus.security/authorization_file=$(phoebus.install)/authorization.conf

Best,
Tynan

On Mon, Mar 29, 2021 at 5:51 AM Stainer Tom via Tech-talk <tech-talk at aps.anl.gov> wrote:

>> But it still opens CSS in the same way as opening the BOB file - I can edit the OPI and from the user point of view it is still Phoebus not a single page application that is locked down.
 
>When you run phoebus, you can't do much about the fact that that's what you're running.
> If you want something else, you'll have to use something else, for example the web runtime, which will only display/execute *.bob files, without an editor, without a data browser, without probe, pv tree  etc.

> You can also assemble your own site-specific version of phoebus where you simply don't include the display editor.
> Then you won't be able to invoke the editor, so you'll likely need to build two versions:
> One that includes the editor so you can create displays, and one without the editor for you end users to have an execute-only version.
> As a test, you can simply delete the file lib/app-display-editor-*.jar from the product.

> -Kay

That's clear, thanks for clarifying.

Kind regards,
Tom
References:
Phoebus lock down BOB Stainer Tom via Tech-talk
Re: Phoebus lock down BOB Kasemir, Kay via Tech-talk
RE: Phoebus lock down BOB Stainer Tom via Tech-talk
Re: Phoebus lock down BOB Kasemir, Kay via Tech-talk
RE: Phoebus lock down BOB Stainer Tom via Tech-talk
Re: Phoebus lock down BOB Kasemir, Kay via Tech-talk
RE: Phoebus lock down BOB Stainer Tom via Tech-talk
Navigate by Date:
Prev: modbus read error Дмитрий Прощенко via Tech-talk
Next: Re: Rate of change calculation Johnson, Andrew N. via Tech-talk
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  <20212022  2023  2024 
Navigate by Thread:
Prev: RE: Phoebus lock down BOB Stainer Tom via Tech-talk
Next: Usage of an EPICS word jun-ichi.odagiri--- via Tech-talk
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  <20212022  2023  2024 
ANJ, 29 Mar 2021 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· Search · EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·