I have a problem with Tango Access Control and it would be great if you could help me out.
When the environment variable SUPER_TANGO is set to true, I am able to run all servers and tools. I gave all rights to all users, and the property Services belonging to the free object CtrlSystem is also created (by executing the command RegisterService).
All of this is shown in the picture below:
However, when I set the variable SUPER_TANGO to false, I can’t start anything besides the database.
In picture 2, you can see what I’m getting when I want to start Starter and Astor:
Why do I have this problem even though I’ve set write rights for all users?
On your first screenshot, the value of the free object CtrlSystem is not entirely readable. Could you confirm it is set to “AccessControl/tango:sys/access_control/1”?
At first and during testing, I would use a generic configuration allowing write access to all users.
For your last question, since TAC gets the username from the OS, I think it will not be an issue.
This is still valid… This Database class property should be defined properly.
In your case, it looks like DbGetProperty (at least) is not listed in this class property.
This looks strange to me because it is supposed to be defined when you install Tango…
How did you install Tango on your machine?
You need to have the TangoAccessControl server running. This is started via the tango-access script after the database has been started. This server is started with the environment variable SUPER_TANGO=1 and the argument “1”.
So, I want to run the Tango system while SUPER_TANGO is set to false, because according to Tango Manual page 190:
and I don’t want to by-pass TAC.
As I understood it, when SUPER_TANGO=true, users will have permissions according to TAC; if SUPER_TANGO=false, then TAC will be disabled (by-passed, to be more specific) and users will have full access to devices. Am I right?
Maybe there is a misunderstanding. The TangoAccessControl server is the process which implements the controlled access and checks the permissions. This is the only device server which has to be started with SUPER_TANGO=true because it needs free access to check the rights in the database. ALL other clients and servers are started without the SUPER_TANGO variable set and will follow the access rules defined in the database.
Do you have the TangoAccessControl device server running?
So, on the host from which the TAC server is running, it is necessary to set SUPER_TANGO to true?
If that is so, you are right, because I thought of the variable SUPER_TANGO only as a way to avoid access control if it exists, because in section D.6 page 256 (start TANGO with the controlled access) nothing is mentioned about this variable.
Now, I have the following situation. On host Dell I started TAC (with SUPER_TANGO set to true). With another host called Lens (on which SUPER_TANGO is set to false) I successfully connected to Dell’s database.
When I start a server from Lens, I am able to read values, but when I want to execute any command or write attributes I get “Host name/address cannot be determined !”, even though I set that all users have write access.
P.S. From host Dell I can manipulate servers without problems.
It is necessary to set SUPER_TANGO=true only for the TAC server.
If you run another device server on the same host as the host where the Tango Access Control device server is running, it should run with SUPER_TANGO env variable unset.
I think you are now encountering the same problem as Chris on the other forum thread you mentioned earlier.
Please have a look at the solution he found to solve this problem (add a new entry in /etc/hosts file for the machines where you want the hostnames to be resolved): http://www.tango-controls.org/community/forum/c/general/development/tango-access-control/?page=1#post-35
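The two conditions named in the replies above (SUPER_TANGO enabled only for the TAC server, and a hosts-file entry for each machine whose name must resolve) can be checked before starting an ordinary server. The script below is an added example, not part of the thread or of Tango; the function names, the `dell.example.test` alias and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Preflight for a host running ordinary Tango servers/clients under TAC.
# Function names and the sample data are assumptions made for this example.

# Succeeds when SUPER_TANGO is unset or not enabled. "true" and "1" are the
# values mentioned in the thread; other spellings are not checked.
super_tango_off() {
    case "${SUPER_TANGO:-}" in
        true|1) return 1 ;;
        *)      return 0 ;;
    esac
}

# Print each hostname in "$@" that has no entry in the hosts-format file $1.
missing_hosts() {
    hosts_file=$1
    shift
    for name in "$@"; do
        awk -v want="$name" '
            { sub(/#.*/, "") }                      # drop comments
            NF >= 2 {
                for (i = 2; i <= NF; i++)
                    if (tolower($i) == tolower(want)) found = 1
            }
            END { exit (found ? 0 : 1) }
        ' "$hosts_file" || printf '%s\n' "$name"
    done
}

# Constructed sample hosts file (documentation addresses, thread's host names).
sample_hosts() {
    cat <<'EOF'
127.0.0.1   localhost
192.0.2.10  dell.example.test dell
# 192.0.2.11  lens
EOF
}

tmp=$(mktemp)
sample_hosts > "$tmp"
super_tango_off || echo "WARNING: SUPER_TANGO is enabled; only the TAC server should run with it"
for h in $(missing_hosts "$tmp" dell lens); do
    echo "no hosts entry for: $h"
done
rm -f "$tmp"
```

On a real machine, pass `/etc/hosts` and the actual host names of the control system to `missing_hosts` instead of the sample file.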
[quote]So, on the host from which the TAC server is running, it is necessary to set SUPER_TANGO to true?
If that is so, you are right, because I thought of the variable SUPER_TANGO only as a way to avoid access control if it exists, because in section D.6 page 256 (start TANGO with the controlled access) nothing is mentioned about this variable.
[/quote]
I (mis)understood it the same way as Dusan.
The Tango kernel book mentions the environment variable to set in 3 places:
in the TANGO kernel book (7.14.2 page 190 and A.12.3.4 page 221)
However, it does not seem very clear that SUPER_TANGO has to be set on the server where the TAC DS runs, even if it seems clear now that you mention it.
To clarify this point, perhaps a line can be added like “To launch [or run] Tango Access Control DS, the SUPER_TANGO environment variable must be set to true”.
Another question: should we set this variable just when we launch the TAC DS, or when we launch it and until we stop this DS?
If the DS has been configured to give write access to anyone to any device from everywhere, what is the normal behavior if the TAC DS is stopped?