# Valid forms of the lines in this file: # # 1) EVALUATION ORDER # 2) DENY [FROM] [ ...] # 3) ALIAS [ []] # 4) ALLOW [ []] # # where: # = DENY, ALLOW allow rules take precedence # ALLOW, DENY deny rules take precedence (default) # = regular expression that matches PV names # = unqualified host name # = substitution pattern that specifies the real PV name # (\0 ... \9 are replaced by matched sub-expressions) # = Access Security Group as specified in AS file [DEFAULT] # = Access Security Level (0 or 1) [1] # # # ORDER: # This will set the evaluation order that is used when a client requests # a PV. Setting this to "DENY, ALLOW" will allow access to a PV name that matches # both a DENY and an ALLOW pattern. "ALLOW, DENY" will make a DENY override an ALLOW # for the same variable. (This is the default.) # NOTE: Matching DENY FROM patterns (with host names) will always override matching # ALLOW patterns. # # DENY / DENY FROM: # The gateway will completely ignore requests for any PV that matches the pattern. # Can be used to block the gateway from responding to groups of PVs. # Naming hosts (DENY FROM) will block the PVs only for the given hosts (useful to # prevent loops caused by forwarding to other gateways). # # ALIAS: # Define an alias and allows it as a pattern for names which the Gateway should serve. # For process variable names that match , the Gateway translates the # name into a real process variable name and uses the real name as if it had been the # one specified. The may contain the special escape sequences \1 ... \9 # which will be replaced by the nth subexpression matched. See a UNIX book on regular # expressions for more information. Access security rules to be used for process # variables matched by this pattern may be specified. If not specified, the defaults # are the DEFAULT group and level 1. Apart from specifying an alias, this rule is # functionally the same as ALLOW. # # ALLOW: # Used to declare PV names which the Gateway should serve. Access security rules to # be used for process variables matched by this pattern may be specified. If not # specified, the defaults are the DEFAULT group and level 1. # # Notes: # 1) Commands are not case sensitive. # 2) Pattern use GNU-style regular expressions. (See the documentation included # with the regex library for details on regular expressions.) # 3) Any PV not included in an ALLOW command is not allowed access. If no PV list # file is specified on the command line, a default rule ".* ALLOW" will be created. # 4) The patterns are matched in reverse order. I.e. you should always specify general # rules before specific rules. # 5) See EPICS access security documentation for creating an access security # file for the PV gateway. # # Below: # - make DENY rules override ALLOW rules # - requests for PVs starting with Beam: will be allowed according to rules for access # security group Beam, similarly for PS using PowerSupply and gateway flags using # GatewayAdmin # - anything starting with test is not allowed # - ps0 ... ps9 are translated to PSCurrent0.ai ... PSCurrent9.ai and are allowed for # the PowerSupply group at level 1. EVALUATION ORDER ALLOW, DENY [0-9].* ALLOW [a-z].* ALLOW [A-Z].* ALLOW Beam:.* ALLOW Beam 1 PS.* ALLOW PowerSupply 1 gateway:.*Flag ALLOW GatewayAdmin test.* DENY ps\([0-9]\) ALIAS PSCurrent\1.ai PowerSupply 1 # Convert old Gateway internal process variable names gateway\.\(.*\) ALIAS gateway:\1 gateway\.\(.*\)Flag ALIAS gateway:\1Flag GatewayAdmin gateway\.alive ALIAS gateway:connected gateway\.postEventRate ALIAS gateway:clientPostRate