1
# Valid forms of the lines in this file:
3
# 1) EVALUATION ORDER <eval_order>
4
# 2) <pv_name_pattern> DENY [FROM] [<host> ...]
5
# 3) <pv_name_pattern> ALIAS <real_pv_name> [<asg> [<asl>]]
6
# 4) <pv_name_pattern> ALLOW [<asg> [<asl>]]
9
# <eval_order> = DENY, ALLOW allow rules take precedence
10
# ALLOW, DENY deny rules take precedence (default)
11
# <pv_name_pattern> = regular expression that matches PV names
12
# <host> = unqualified host name
13
# <real_pv_name> = substitution pattern that specifies the real PV name
14
# (\0 ... \9 are replaced by matched sub-expressions)
15
# <asg> = Access Security Group as specified in AS file [DEFAULT]
16
# <asl> = Access Security Level (0 or 1) [1]
20
# This will set the evaluation order that is used when a client requests
21
# a PV. Setting this to "DENY, ALLOW" will allow access to a PV name that matches
22
# both a DENY and an ALLOW pattern. "ALLOW, DENY" will make a DENY override an ALLOW
23
# for the same variable. (This is the default.)
24
# NOTE: Matching DENY FROM patterns (with host names) will always override matching
28
# The gateway will completely ignore requests for any PV that matches the pattern.
29
# Can be used to block the gateway from responding to groups of PVs.
30
# Naming hosts (DENY FROM) will block the PVs only for the given hosts (useful to
31
# prevent loops caused by forwarding to other gateways).
34
# Define an alias and allows it as a pattern for names which the Gateway should serve.
35
# For process variable names that match <pv-name-pattern>, the Gateway translates the
36
# name into a real process variable name and uses the real name as if it had been the
37
# one specified. The <real-pv-name> may contain the special escape sequences \1 ... \9
38
# which will be replaced by the nth subexpression matched. See a UNIX book on regular
39
# expressions for more information. Access security rules to be used for process
40
# variables matched by this pattern may be specified. If not specified, the defaults
41
# are the DEFAULT group and level 1. Apart from specifying an alias, this rule is
42
# functionally the same as ALLOW.
45
# Used to declare PV names which the Gateway should serve. Access security rules to
46
# be used for process variables matched by this pattern may be specified. If not
47
# specified, the defaults are the DEFAULT group and level 1.
50
# 1) Commands are not case sensitive.
51
# 2) Pattern use GNU-style regular expressions. (See the documentation included
52
# with the regex library for details on regular expressions.)
53
# 3) Any PV not included in an ALLOW command is not allowed access. If no PV list
54
# file is specified on the command line, a default rule ".* ALLOW" will be created.
55
# 4) The patterns are matched in reverse order. I.e. you should always specify general
56
# rules before specific rules.
57
# 5) See EPICS access security documentation for creating an access security
58
# file for the PV gateway.
61
# - make DENY rules override ALLOW rules
62
# - requests for PVs starting with Beam: will be allowed according to rules for access
63
# security group Beam, similarly for PS using PowerSupply and gateway flags using
65
# - anything starting with test is not allowed
66
# - ps0 ... ps9 are translated to PSCurrent0.ai ... PSCurrent9.ai and are allowed for
67
# the PowerSupply group at level 1.
70
EVALUATION ORDER ALLOW, DENY
77
PS.* ALLOW PowerSupply 1
78
gateway:.*Flag ALLOW GatewayAdmin
80
ps\([0-9]\) ALIAS PSCurrent\1.ai PowerSupply 1
82
# Convert old Gateway internal process variable names
83
gateway\.\(.*\) ALIAS gateway:\1
84
gateway\.\(.*\)Flag ALIAS gateway:\1Flag GatewayAdmin
85
gateway\.alive ALIAS gateway:connected
86
gateway\.postEventRate ALIAS gateway:clientPostRate