Hi Óscar,
On Apr 21, 2021, at 3:12 PM, Oscar Ibañez via Tech-talk <tech-talk at aps.anl.gov> wrote:
>
> Yes, that's right. Permissions to write PVs. But logging out & in, or using 'sudo' are not acceptable solutions for this situation. Any solution has to come from the Phoebus graphical interface. No command line. The computer session has to remain untouched.
Neither Phoebus nor any other EPICS GUI that I know of may be suitable for your requirements as you describe them. The Channel Access protocol may also be unsuitable if you expect the IOC to continue to enforce the access rules as it does at the moment.
The existing EPICS Access Security design only allows each virtual circuit (i.e. the client - server connection which is used to transport PV data between those two end-points) to have a single user identity associated with it, and that identity is the name of the account running the software on the client. Thus all EPICS CA clients and GUIs have only ever supported a single user.
With enough changes it would be possible for a single process to open parallel connections to a single IOC that have different user identities, but that would involve making API changes to the client library which existing EPICS clients wouldn’t support. Modifications to add that support throughout the software stack would probably take quite a few FTEs of skilled programmer effort to implement.
- Andrew
> El 21/04/2021 a las 21:49, Kasemir, Kay escribió:
>>> We are going to have several users using Phoebus. Different users have
>>> different permissions to view and to edit, like any other system.
>>> ...
>>> the change has to be made without logging out from the current computer session.
>> Permissions to do _what_?
>> Write PVs?
>> That's handled by Channel Access (or PV Access) security, which is based on the current user.
>> Phoebus (or EDM, MEDM, python CA library, command line caput, ...) don't have any way to change that user.
>> The only option you have is either log out & log back in,
>> or use 'sudo' to change user and start another instance of the program as that different user.
>>
>> -Kay
>>
--
Complexity comes for free, simplicity you have to work for.
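
An added illustration, not part of the original message and not EPICS code: a simplified Python model of an IOC checking access security rules against the single user name bound to a Channel Access virtual circuit, as described in the reply above. The ACF contents, the user names and the helper names (`parse_acf`, `Circuit`, `can_write`, `demo`) are constructed for this example, and only the UAG and ASG/RULE subset of the file syntax is modelled.

```python
import re
from dataclasses import dataclass

# Constructed access security file (ACF syntax, UAG and ASG/RULE subset only).
ACF = """
UAG(operators) {alice}
UAG(experts) {bob}
ASG(DEFAULT) {
    RULE(1, READ)
    RULE(1, WRITE) { UAG(operators, experts) }
}
ASG(EXPERT) {
    RULE(1, READ)
    RULE(1, WRITE) { UAG(experts) }
}
"""

def parse_acf(text):
    """Return (user groups, rules per access security group)."""
    uags = {m[1]: {u.strip() for u in m[2].split(",")}
            for m in re.finditer(r"^UAG\((\w+)\)\s*\{([^}]*)\}", text, re.M)}
    asgs = {}
    for m in re.finditer(r"^ASG\((\w+)\)\s*\{(.*?)^\}", text, re.M | re.S):
        rule_re = r"RULE\(\d+,\s*(READ|WRITE)\)(?:\s*\{\s*UAG\(([^)]*)\)\s*\})?"
        asgs[m[1]] = [(r[1], [g.strip() for g in r[2].split(",")] if r[2] else None)
                      for r in re.finditer(rule_re, m[2])]
    return uags, asgs

@dataclass(frozen=True)
class Circuit:
    """One client-server connection; the user name is fixed when it is created."""
    user: str

def can_write(circuit, asg, uags, asgs):
    """A WRITE rule grants access if it has no UAG list or the circuit's user is in one."""
    return any(groups is None or any(circuit.user in uags[g] for g in groups)
               for access, groups in asgs[asg] if access == "WRITE")

def demo():
    uags, asgs = parse_acf(ACF)
    gui = Circuit(user="alice")      # GUI process started under alice's account
    # If bob takes over alice's running GUI, the IOC still evaluates "alice".
    return {
        "shared_gui_default": can_write(gui, "DEFAULT", uags, asgs),
        "shared_gui_expert": can_write(gui, "EXPERT", uags, asgs),
        "bob_own_process_expert": can_write(Circuit(user="bob"), "EXPERT", uags, asgs),
    }

if __name__ == "__main__":
    print(demo())
```

The `shared_gui_expert` result stays false no matter who is at the keyboard, because the only identity the model's server side ever sees is the one attached to the circuit.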