default.acf

#
# default instrument access security file
# this file is used by both IOCs and EPICS gateways
#
# always use WRITE,TRAPWRITE to allow gateway put logging and IOC CaPutLog to work 
#
# $Id$
#

#UAG(instuser) { spudulike }

# comma separated machine list
HAG(instmachine) { localhost, $(ACF_IH1=localhost), $(ACF_IH2=localhost), $(ACF_IH3=localhost), $(ACF_IH4=localhost) }
HAG(localhost) { localhost }

# this is the security group for all records that do not secify a different security group in the ASG field  
# Everybody can always read, everybody can write except when EXCLUSIVE is set then only spudulike on localhost can write
ASG(DEFAULT) {
#    INPA("$(P=)CS:EXCLUSIVE")
    RULE(1, READ)
    RULE(1, WRITE, TRAPWRITE)
#    RULE(1, WRITE, TRAPWRITE)
#    {
#        HAG(instmachine)
#    }
#    RULE(1, WRITE, TRAPWRITE)
#    {
#        CALC("A=0")
#    }
#    RULE(1, WRITE, TRAPWRITE)
#    {
#        UAG(inst)
#        HAG(inst)
#        CALC("A=1")
#    }
}

# this is used by ISISDAE to avoid CaPutLog messages on SAMPLEPARS:SP etc
ASG(NOTRAPW) {
    RULE(1, READ)
    RULE(1, WRITE)
}

# group used by external PV gateway file gwext.pvlist for most (but not necessarily all) PVs
ASG(GWEXT) {
    RULE(1, READ)
    RULE(1, WRITE, TRAPWRITE)
    {
        HAG(instmachine)
    }
}

# only read values
ASG(READONLY) {
    RULE(1, READ)
}

# only allow writes to field values in access security level zero (ASL0),
# things like VAL are in ASL0 but other fields may not be. The ASL is set
# in the DBD file of the record
ASG(WASL0) {
    RULE(1, READ)
    RULE(0, WRITE, TRAPWRITE)
#    {
#        HAG(instmachine)
#    }
}

# Security group for records where everybody can always read and write 
ASG(ANYBODY) {
    RULE(1, READ)
    RULE(1, WRITE, TRAPWRITE)
}

ASG(MANAGER) {
	INPA("$(P=)CS:MANAGER") 
    RULE(1, READ)
    RULE(1, WRITE, TRAPWRITE)
    {	
		CALC("A=1")
    }
}
# Security group to be used by Cryogenic SMS PSU, cannot read or write to anything
ASG(HIDDEN) {
    RULE(1, NONE)
}