-
Notifications
You must be signed in to change notification settings - Fork 2
IOC access security
Access security, alternatively known as "manager mode", is used to prevent users from writing values to an IOC while letting instrument scientists assign values.
Here are the basic steps to follow:
- For each record in the IOC which should be protected, add an
ASGfield - For instrument specific DB records, it is ok to hard-code the ASG (for example,
field(ASG, "MANAGER")) - For general IOCs, the access security group should be defined as a macro (e.g.
field(ASG, "$(ASG=DEFAULT)")). Giving theASGmacro a default value ofDEFAULTwill mean that existing instruments using this IOC will be unaffected. - The
ASGmacro can then be supplied from anst.cmd, or aglobals.txtas appropriate. The two useful values for the ASG macro for setting up access security areDEFAULT(acts as normal) andMANAGER(with access security).
(If you need a "real world" example, the jaw set on Polaris has been set up using access security.)
The access security rule is defined in C:\Instrument\Apps\EPICS\support\AccessSecurity\master\default.acf.
This looks at a PV which is $(P)CS:MANAGER. If the PV is set to 1 then manager mode is enabled, if it is 0 then manager mode is disabled. The GUI simply sets this PV to 1 or 0 as you enter or exit manager mode.
To check whether access security is working properly it can be useful to use a cainfo <pv>, this tells you whether you currently have read, write, or both permissions.
https://github.com/ISISComputingGroup/ibex_developers_manual/wiki/EPICS-basics#Access-Security
https://github.com/ISISComputingGroup/ibex_developers_manual/wiki/Access-Gateway