TAC problem

Hi,

I have problem with Tango Access Control and it would be great if you could help me out.

When environmental variable SUPER_TANGO is set to true, I am able to run all servers and tools. I gave all rights to all users, and property Services belonging to the free object CtrlSystem is also created (by executing command RegisterService).
All of this is showed in the picture below:


However, when I set variable SUPER_TANGO to false, I can't start anything beside database.
In the picture 2, you can see what I'm getting when I want to start Starter and Astor:


Why I have this problem even though I've set write rights for all users?

Many thanks,
Dusan


Edited 7 years ago
P.S. I tried with creating new group with my username (can I use Ubuntu username btw?) and IP adress, but that didn't help either.


I also found this, http://www.tango-controls.org/community/forum/c/general/development/tango-access-control/?page=1, but I'm not sure what those class properties in the second post are for, and should I do it at all, because this post is 2 years old.
Edited 7 years ago
On your first screenshot, the value of the free object CtrlSystem is not entirely readble. Could you confirm it is set to "AccessControl/tango:sys/access_control/1"?

At first and during test, I would use a generic configuration allowing write access to all users.

For your last question, since TAC get the username from the OS, I think it will not be an issue.
- Philippe
Edited 7 years ago
Dusan.Ristic
I also found this, http://www.tango-controls.org/community/forum/c/general/development/tango-access-control/?page=1, but I'm not sure what those class properties in the second post are for, and should I do it at all, because this post is 2 years old.

This is still valid… This Database class property should be defined properly.
In your case, it looks like DbGetProperty (at least) is not listed in this class property.
This looks strange to me because it is supposed to be defined when you install Tango…
How did you install Tango on your machine?

Kind regards,
Reynald
Rosenberg's Law: Software is easy to make, except when you want it to do something new.
Corollary: The only software that's worth making is software that does something new.
Could you confirm it is set to "AccessControl/tango:sys/access_control/1"?
Sorry about that. Yes, it is set to AccessControl/tango:sys/access_control/1.

In your case, it looks like DbGetProperty (at least) is not listed in this class property.
I have command DbGetProperty. I executed it with argin value \ and got some output, so I guess it is working:


This is still valid
What should I do to set them then, I'm not even sure what setting them means? I already have all of them listed as commands in class DataBase.

How did you install Tango on your machine?
From source code, Tango 9.2.5a on Ubuntu 16.04.

P.S. Maybe this details can help to resolve the problem



Dusan
Edited 7 years ago
Hi Dusan,

you need to have the TangoAccessControl server running. This is started via the tango-access script after the database has been started. This server is started with the environment variable SUPER_TANGO=1 and the argument "1".

Andy
I think Andy is (almost) right. smile
SUPER_TANGO=1
It should be SUPER_TANGO=true

Rosenberg's Law: Software is easy to make, except when you want it to do something new.
Corollary: The only software that's worth making is software that does something new.
You are right (of course) !
But as I said in the first post:
When environmental variable SUPER_TANGO is set to true, I am able to run all servers and tools.
So, I want to run Tango system while SUPER_TANGO is set to false, because according to Tango Manual page 190:
Even if a controlled access system is running, it is possible to by-pass it if, in the environment of the client application, the environment variable SUPER_TANGO is defined to "true".
and I dont want to by-pass TAC.

How I understood, when SUPER_TANGO=true, users will have permissions according to TAC, if SUPER_TANGO=false, then TAC will be disabled(by-passed to be more specific) and users will have full access to devices. Am I right?

Edited 7 years ago
Maybe there is a misunderstanding. The TangoAccessControl server is the process which implements the controlled access and checks the permissions. This is the only device server which has to be started with SUPER_TANGO=true because it needs free access to check the rights in the database. ALL other clients and servers are started without the SUPER_TANGO variable set and will follow the access rules defined in the database.

Do you have the TangoAccessControl device server running?

Andy
 
Register or login to create to post a reply.