TAC problem - TANGO Controls

# 6 years ago
Dusan.Ristic	Hi, I have problem with Tango Access Control and it would be great if you could help me out. When environmental variable SUPER_TANGO is set to true, I am able to run all servers and tools. I gave all rights to all users, and property Services belonging to the free object CtrlSystem is also created (by executing command RegisterService). All of this is showed in the picture below: However, when I set variable SUPER_TANGO to false, I can't start anything beside database. In the picture 2, you can see what I'm getting when I want to start Starter and Astor: Why I have this problem even though I've set write rights for all users? Many thanks, Dusan Edited 6 years ago Attachments:

# 6 years ago

Hi,

I have problem with Tango Access Control and it would be great if you could help me out.

When environmental variable SUPER_TANGO is set to true, I am able to run all servers and tools. I gave all rights to all users, and property Services belonging to the free object CtrlSystem is also created (by executing command RegisterService).
All of this is showed in the picture below:

However, when I set variable SUPER_TANGO to false, I can't start anything beside database.
In the picture 2, you can see what I'm getting when I want to start Starter and Astor:

Why I have this problem even though I've set write rights for all users?

Many thanks,
Dusan

Edited 6 years ago

# 6 years ago
Dusan.Ristic	P.S. I tried with creating new group with my username (can I use Ubuntu username btw?) and IP adress, but that didn't help either. I also found this, http://www.tango-controls.org/community/forum/c/general/development/tango-access-control/?page=1, but I'm not sure what those class properties in the second post are for, and should I do it at all, because this post is 2 years old. Edited 6 years ago Attachments:

# 6 years ago

Dusan.Ristic

P.S. I tried with creating new group with my username (can I use Ubuntu username btw?) and IP adress, but that didn't help either.

I also found this, http://www.tango-controls.org/community/forum/c/general/development/tango-access-control/?page=1, but I'm not sure what those class properties in the second post are for, and should I do it at all, because this post is 2 years old.

Edited 6 years ago

# 6 years ago
philippeg	On your first screenshot, the value of the free object CtrlSystem is not entirely readble. Could you confirm it is set to "AccessControl/tango:sys/access_control/1"? At first and during test, I would use a generic configuration allowing write access to all users. For your last question, since TAC get the username from the OS, I think it will not be an issue. - Philippe Edited 6 years ago

# 6 years ago
Reynald	Dusan.Ristic I also found this, http://www.tango-controls.org/community/forum/c/general/development/tango-access-control/?page=1, but I'm not sure what those class properties in the second post are for, and should I do it at all, because this post is 2 years old. This is still valid… This Database class property should be defined properly. In your case, it looks like DbGetProperty (at least) is not listed in this class property. This looks strange to me because it is supposed to be defined when you install Tango… How did you install Tango on your machine? Kind regards, Reynald Rosenberg's Law: Software is easy to make, except when you want it to do something new. Corollary: The only software that's worth making is software that does something new.

# 6 years ago

Reynald

Dusan.Ristic
I also found this, http://www.tango-controls.org/community/forum/c/general/development/tango-access-control/?page=1, but I'm not sure what those class properties in the second post are for, and should I do it at all, because this post is 2 years old.

This is still valid… This Database class property should be defined properly.
In your case, it looks like DbGetProperty (at least) is not listed in this class property.
This looks strange to me because it is supposed to be defined when you install Tango…
How did you install Tango on your machine?

Kind regards,
Reynald

Rosenberg's Law: Software is easy to make, except when you want it to do something new.
Corollary: The only software that's worth making is software that does something new.

# 6 years ago
Dusan.Ristic	Could you confirm it is set to "AccessControl/tango:sys/access_control/1"? Sorry about that. Yes, it is set to AccessControl/tango:sys/access_control/1. In your case, it looks like DbGetProperty (at least) is not listed in this class property. I have command DbGetProperty. I executed it with argin value \ and got some output, so I guess it is working: This is still valid What should I do to set them then, I'm not even sure what setting them means? I already have all of them listed as commands in class DataBase. How did you install Tango on your machine? From source code, Tango 9.2.5a on Ubuntu 16.04. P.S. Maybe this details can help to resolve the problem Dusan Edited 6 years ago Attachments: 29Kb

# 6 years ago

Dusan.Ristic

Could you confirm it is set to "AccessControl/tango:sys/access_control/1"?

Sorry about that. Yes, it is set to AccessControl/tango:sys/access_control/1.

In your case, it looks like DbGetProperty (at least) is not listed in this class property.

I have command DbGetProperty. I executed it with argin value \ and got some output, so I guess it is working:

This is still valid

What should I do to set them then, I'm not even sure what setting them means? I already have all of them listed as commands in class DataBase.

How did you install Tango on your machine?

From source code, Tango 9.2.5a on Ubuntu 16.04.

P.S. Maybe this details can help to resolve the problem

Dusan

Edited 6 years ago

# 6 years ago
Andy	Hi Dusan, you need to have the TangoAccessControl server running. This is started via the tango-access script after the database has been started. This server is started with the environment variable SUPER_TANGO=1 and the argument "1". Andy

# 6 years ago
Reynald	I think Andy is (almost) right. ~~SUPER_TANGO=1~~ It should be SUPER_TANGO=true Rosenberg's Law: Software is easy to make, except when you want it to do something new. Corollary: The only software that's worth making is software that does something new.

# 6 years ago
Andy	You are right (of course) !

# 6 years ago
Dusan.Ristic	But as I said in the first post: When environmental variable SUPER_TANGO is set to true, I am able to run all servers and tools. So, I want to run Tango system while SUPER_TANGO is set to false, because according to Tango Manual page 190: Even if a controlled access system is running, it is possible to by-pass it if, in the environment of the client application, the environment variable SUPER_TANGO is defined to "true". and I dont want to by-pass TAC. How I understood, when SUPER_TANGO=true, users will have permissions according to TAC, if SUPER_TANGO=false, then TAC will be disabled(by-passed to be more specific) and users will have full access to devices. Am I right? Edited 6 years ago

# 6 years ago

Dusan.Ristic

But as I said in the first post:

When environmental variable SUPER_TANGO is set to true, I am able to run all servers and tools.

So, I want to run Tango system while SUPER_TANGO is set to false, because according to Tango Manual page 190:

Even if a controlled access system is running, it is possible to by-pass it if, in the environment of the client application, the environment variable SUPER_TANGO is defined to "true".

and I dont want to by-pass TAC.

How I understood, when SUPER_TANGO=true, users will have permissions according to TAC, if SUPER_TANGO=false, then TAC will be disabled(by-passed to be more specific) and users will have full access to devices. Am I right?

Edited 6 years ago

# 6 years ago
Andy	Maybe there is a misunderstanding. The TangoAccessControl server is the process which implements the controlled access and checks the permissions. This is the only device server which has to be started with SUPER_TANGO=true because it needs free access to check the rights in the database. ALL other clients and servers are started without the SUPER_TANGO variable set and will follow the access rules defined in the database. Do you have the TangoAccessControl device server running? Andy

# 6 years ago

Andy

Maybe there is a misunderstanding. The TangoAccessControl server is the process which implements the controlled access and checks the permissions. This is the only device server which has to be started with SUPER_TANGO=true because it needs free access to check the rights in the database. ALL other clients and servers are started without the SUPER_TANGO variable set and will follow the access rules defined in the database.

Do you have the TangoAccessControl device server running?

Andy