Tango Access Control - TANGO Controls

# 9 years ago
Chris	Hello All! I am trying to get Tango Access Control working on my Tango 8 system but have run into some trouble. As per section 9.12.2 of the manual, I set the CtrlSystem free property with a Services property with the following entry: AccessControl/tango:sys/access_control/1 With this set, I can see the AccessControl is active in Astor and can access the manager from the Tools menu (only when TANGO_SUPER is set though, as I don't know what the default password is). I also get the following message when trying to start Astor: sys/access_control/1 -> Forced to write access = false Host name/address cannot be determined ! Moreover, the Starter no longer starts. If I try to start it manually I get the following: Tango exception Severity = ERROR Error reason = API_ReadOnlyMode Desc : Command DbGetHostServersInfo on device sys/database/2 is not authorized Origin : Connection::command_inout() This seems strange as I have not changed the default access rights from all users have read and write access to all devices. Does anyone have any advice for setting up the AccessControl ? or any pointers to some documentation that I may have missed would be greatly appreciated. Regards, Chris

# 9 years ago

Hello All!

I am trying to get Tango Access Control working on my Tango 8 system but have run into some trouble. As per section 9.12.2 of the manual, I set the CtrlSystem free property with a Services property with the following entry:

AccessControl/tango:sys/access_control/1

With this set, I can see the AccessControl is active in Astor and can access the manager from the Tools menu (only when TANGO_SUPER is set though, as I don't know what the default password is). I also get the following message when trying to start Astor:

sys/access_control/1 -> Forced to write access = false
Host name/address cannot be determined !

Moreover, the Starter no longer starts. If I try to start it manually I get the following:

Tango exception
Severity = ERROR
Error reason = API_ReadOnlyMode
Desc : Command DbGetHostServersInfo on device sys/database/2 is not authorized
Origin : Connection::command_inout()

This seems strange as I have not changed the default access rights from all users have read and write access to all devices.

Does anyone have any advice for setting up the AccessControl ? or any pointers to some documentation that I may have missed would be greatly appreciated.

Regards,
Chris

# 9 years ago
Jean-Luc	Hello, Just an idea. Did you set these class properties for the database ? The following code can be directly loaded by Jive. Regards, Jean-Luc CLASS/DataBase->AllowedAccessCmd: DbGetServerInfo,\ DbGetServerNameList,\ DbGetInstanceNameList,\ DbGetDeviceServerClassList,\ DbGetDeviceList,\ DbGetDeviceDomainList,\ DbGetDeviceFamilyList,\ DbGetDeviceMemberList,\ DbGetClassList,\ DbGetDeviceAliasList,\ DbGetObjectList,\ DbGetPropertyList,\ DbGetProperty,\ DbGetClassPropertyList,\ DbGetClassProperty,\ DbGetDevicePropertyList,\ DbGetDeviceProperty,\ DbGetClassAttributeList,\ DbGetDeviceAttributeProperty,\ DbGetDeviceAttributeProperty2,\ DbGetLoggingLevel,\ DbGetAliasDevice,\ DbGetClassForDevice,\ DbGetClassInheritanceForDevice,\ DbGetDataForServerCache,\ DbInfo,\ DbGetClassAttributeProperty,\ DbGetClassAttributeProperty2,\ DbMysqlSelect,\ DbGetDeviceInfo,\ DbGetDeviceWideList,\ DbImportEvent,\ DbGetDeviceAlias,\ DbGetCSDbServerList,\ DbGetDeviceClassList,\ DbGetDeviceExportedList,\ DbGetHostServerList,\ DbGetAttributeAlias2,\ DbGetAliasAttribute,\ DbGetClassPipeProperty,\ DbGetDevicePipeProperty,\ DbGetClassPipeList,\ DbGetDevicePipeList,\ DbGetAttributeAliasList

# 9 years ago

Jean-Luc

Hello,

Just an idea.
Did you set these class properties for the database ?
The following code can be directly loaded by Jive.

Regards,
Jean-Luc


CLASS/DataBase->AllowedAccessCmd: DbGetServerInfo,\ 
                                  DbGetServerNameList,\ 
                                  DbGetInstanceNameList,\ 
                                  DbGetDeviceServerClassList,\ 
                                  DbGetDeviceList,\ 
                                  DbGetDeviceDomainList,\ 
                                  DbGetDeviceFamilyList,\ 
                                  DbGetDeviceMemberList,\ 
                                  DbGetClassList,\ 
                                  DbGetDeviceAliasList,\ 
                                  DbGetObjectList,\ 
                                  DbGetPropertyList,\ 
                                  DbGetProperty,\ 
                                  DbGetClassPropertyList,\ 
                                  DbGetClassProperty,\ 
                                  DbGetDevicePropertyList,\ 
                                  DbGetDeviceProperty,\ 
                                  DbGetClassAttributeList,\ 
                                  DbGetDeviceAttributeProperty,\ 
                                  DbGetDeviceAttributeProperty2,\ 
                                  DbGetLoggingLevel,\ 
                                  DbGetAliasDevice,\ 
                                  DbGetClassForDevice,\ 
                                  DbGetClassInheritanceForDevice,\ 
                                  DbGetDataForServerCache,\ 
                                  DbInfo,\ 
                                  DbGetClassAttributeProperty,\ 
                                  DbGetClassAttributeProperty2,\ 
                                  DbMysqlSelect,\ 
                                  DbGetDeviceInfo,\ 
                                  DbGetDeviceWideList,\ 
                                  DbImportEvent,\ 
                                  DbGetDeviceAlias,\ 
                                  DbGetCSDbServerList,\ 
                                  DbGetDeviceClassList,\ 
                                  DbGetDeviceExportedList,\ 
                                  DbGetHostServerList,\ 
                                  DbGetAttributeAlias2,\ 
                                  DbGetAliasAttribute,\ 
                                  DbGetClassPipeProperty,\ 
                                  DbGetDevicePipeProperty,\ 
                                  DbGetClassPipeList,\ 
                                  DbGetDevicePipeList,\ 
                                  DbGetAttributeAliasList

# 9 years ago
Chris	Hi Jean-Luc, Thanks for the pointer. I hadn't set those class properties, however, after I did I am still in the same position as before. Cheers Chris

# 9 years ago
Andy	Hi Chris, there default passwd by default is "SUPER_TANGO". Once you have the Tango Access Control Manager window opened from Astor, click on "File/Change Password" menu to change it. Maybe this helps you get further. Andy Edited 9 years ago

# 9 years ago
Jean-Luc	Chris Hi Jean-Luc, Thanks for the pointer. I hadn't set those class properties, however, after I did I am still in the same position as before. Cheers Chris I'm not an expert of the TAC low level system but it is strange because this property is the one we have at the ESRF. If I remember well, this class property is used to authorize some in/out commands to be accepted in ReadOnly mode. However I don't see the command DbGetHostServersInfo in the list. May be you can try to add it in the list. Hope this helps.

# 9 years ago

Jean-Luc

Chris
Hi Jean-Luc,

Thanks for the pointer. I hadn't set those class properties, however, after I did I am still in the same position as before.

Cheers
Chris

I'm not an expert of the TAC low level system but it is strange because this property is the one we have at the ESRF.
If I remember well, this class property is used to authorize some in/out commands to be accepted in ReadOnly mode.
However I don't see the command DbGetHostServersInfo in the list.
May be you can try to add it in the list.
Hope this helps.

# 9 years ago
Pascal	Hi Chris. The command list given by Jean-Luc is supposed to be set when you have created/updated your MySql database. Did you create your database for Tango-8 or was it older ? If it was older, have you updated it ? If yes, a bug could be in update script. When you have started the TAC manager, did you create a user with your login name ? Could you send me a screen dump of the TAC manager ?

# 9 years ago
Chris	Jean-Luc However I don't see the command DbGetHostServersInfo in the list. May be you can try to add it in the list. Hope this helps. Thanks for that, I managed to get the starter running after I added this and DbExportDevice. I also had to add DbDeleteDeviceProperty to get my servers running. Pascal Hi Chris. The command list given by Jean-Luc is supposed to be set when you have created/updated your MySql database.Did you create your database for Tango-8 or was it older ? If it was older, have you updated it ? If yes, a bug could be in update script. My database was created for Tango-8 and I actually didn't realise but the list Jean-Luc provided was created (minus the extra commands) Pascal When you have started the TAC manager, did you create a user with your login name ? Could you send me a screen dump of the TAC manager ? I didn't create a user with my login name as I thought I would be included in the "All Users" group, is this not the case ? Below is a screen dump of my TAC Manager. Regards, Chris

# 9 years ago

Chris

Jean-Luc
However I don't see the command DbGetHostServersInfo in the list.
May be you can try to add it in the list.
Hope this helps.

Thanks for that, I managed to get the starter running after I added this and DbExportDevice. I also had to add DbDeleteDeviceProperty to get my servers running.

Pascal
Hi Chris.
The command list given by Jean-Luc is supposed to be set when you have created/updated your MySql database.Did you create your database for Tango-8 or was it older ? If it was older, have you updated it ?
If yes, a bug could be in update script.

My database was created for Tango-8 and I actually didn't realise but the list Jean-Luc provided was created (minus the extra commands)

Pascal
When you have started the TAC manager, did you create a user with your login name ?
Could you send me a screen dump of the TAC manager ?

I didn't create a user with my login name as I thought I would be included in the "All Users" group, is this not the case ?
Below is a screen dump of my TAC Manager.

Regards, Chris

# 9 years ago
Pascal	I cannot read your image. Could you send it to tango@esrf.fr

# 9 years ago
Pascal	It seems that your problem is not a problem of TAC, but a problem to check your host address. The TAC is based on user name and host address. If host address cannot be determined, the TAC cannot work and everything is READ ONLY. Now, why is it impossible to determined your host address. Which release of TangORB is used ?

# 9 years ago
Chris	I seems I have solved the issue. It has come to my attention that due to our network setup hostnames are not resolved and so to get around this I have added a new entry in my /etc/hosts file for the machines where I want the hostnames to be resolved. With that workaround, and the extra AllowedAccessCmd properties for the Database device I have the TAC working. Thanks for all the help.