Authentication vs Authorization¶
Phoebus depends on the operating system to authenticate the user. The currently logged in user is who we expect to be interacting with Phoebus.
Phoebus does add basic authorization to control if the current user may configure details of the window layout (lock and unlock panes) or alarm system (add, remove, acknowledge alarms).
A preference setting selects a more detailed authorization configuration file:
See details of the
org.phoebus.ui preferences for the possible locations
of that file.
Example authorization configuration file:
# Authorization Settings # # Format: # authorization = Comma-separated list of user names # # The authorization name describes the authorization. # FULL is a special name to obtain all authorizations. # # Each entry in the list of user names is a regular expression for a user name. # Anybody can lock a dock pane, i.e. set it to 'fixed' lock_ui = .* # Anybody can acknowledge alarms alarm_ack = .* # Specific users may configure alarms, including both "jane" and "janet" #alarm_config = fred, jane.*, egon, # Anybody can configure alarms alarm_config = .* # Full authorization. FULL = root