@@ -110,23 +110,50 @@ Values parse per `--type` with invariant culture. Booleans accept
|
||||
```powershell
|
||||
otopcua-focas-cli write -h 192.168.1.50 -a R100 -t Int16 -v 42
|
||||
otopcua-focas-cli write -h 192.168.1.50 -a G50.3 -t Bit -v on
|
||||
otopcua-focas-cli write -h 192.168.1.50 -a MACRO:500 -t Float64 -v 3.14
|
||||
|
||||
# MACRO: write — recipe / setpoint surface (server-side WriteOperate ACL)
|
||||
otopcua-focas-cli write -h 192.168.1.50 -a MACRO:500 -t Int32 -v 42
|
||||
|
||||
# PARAM: write — commissioning surface (server-side WriteConfigure ACL,
|
||||
# CNC must be in MDI mode + parameter-write switch enabled, else EW_PASSWD
|
||||
# surfaces as BadUserAccessDenied)
|
||||
otopcua-focas-cli write -h 192.168.1.50 -a PARAM:1815 -t Int32 -v 100
|
||||
```
|
||||
|
||||
PMC G/R writes land on a running machine — be careful which file you hit.
|
||||
Parameter writes may require the CNC to be in MDI mode with the
|
||||
parameter-write switch enabled.
|
||||
|
||||
#### Server-enforced ACL — issue #269, plan PR F4-b
|
||||
|
||||
When the same write flows through the OtOpcUa server (rather than the CLI's
|
||||
direct-to-CNC path), the server-layer ACL gates by tag kind:
|
||||
|
||||
- `PARAM:` writes require **`WriteConfigure`** group membership — heavier
|
||||
ACL because a misdirected parameter write can put the CNC in a bad
|
||||
state.
|
||||
- `MACRO:` writes require **`WriteOperate`** — matches the standard HMI
|
||||
recipe / setpoint surface.
|
||||
- PMC R/G/F writes require **`WriteOperate`**.
|
||||
|
||||
The classification is declared by the FOCAS driver per tag and enforced by
|
||||
`DriverNodeManager`; the driver itself never inspects user identity. See
|
||||
[`docs/security.md`](security.md) for the full LDAP-group → permission
|
||||
mapping, [`docs/v2/acl-design.md`](v2/acl-design.md) for the design, and
|
||||
[`docs/v2/focas-deployment.md`](v2/focas-deployment.md) "Write safety" for
|
||||
the operator pre-check runbook (MDI mode, parameter-write switch).
|
||||
|
||||
**Writes are non-idempotent by default** — a timeout after the CNC already
|
||||
applied the write will NOT auto-retry (plan decisions #44 + #45).
|
||||
|
||||
#### Server-side `Writes.Enabled` enforcement (issue #268, plan PR F4-a)
|
||||
#### Server-side `Writes` enforcement (issue #268 F4-a + #269 F4-b)
|
||||
|
||||
The OtOpcUa server gates every FOCAS write behind two independent opt-ins:
|
||||
`FocasDriverOptions.Writes.Enabled` (driver-level master switch, default
|
||||
`false`) and `FocasTagDefinition.Writable` (per-tag, default `false`). When
|
||||
either is off, the server-side `WriteAsync` short-circuits to
|
||||
`BadNotWritable` before the wire client is touched. See
|
||||
The OtOpcUa server gates every FOCAS write behind multiple independent
|
||||
opt-ins: `FocasDriverOptions.Writes.Enabled` (driver-level master switch),
|
||||
`Writes.AllowParameter` (PARAM kill switch — F4-b), `Writes.AllowMacro`
|
||||
(MACRO kill switch — F4-b), and `FocasTagDefinition.Writable` (per-tag).
|
||||
All default `false`; any one off short-circuits the server-side
|
||||
`WriteAsync` to `BadNotWritable` before the wire client is touched. See
|
||||
[`docs/drivers/FOCAS.md`](drivers/FOCAS.md) "Writes (opt-in, off by
|
||||
default)" subsection + [`docs/v2/decisions.md`](v2/decisions.md) for the
|
||||
decision record.
|
||||
|
||||
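Review bot: the comments in the example block label the direct CLI commands with "(server-side WriteOperate ACL)" and "(server-side WriteConfigure ACL, ...)", but the "Server-enforced ACL" paragraph says that gate applies only when the write flows through the OtOpcUa server rather than the CLI's direct-to-CNC path, so a reader can take the CLI invocations themselves to be ACL-checked. Suggest rewording those comments to say the ACL applies to the equivalent write made through the server, and adding one sentence on whether the CLI path is subject to `Writes.Enabled`, `Writes.AllowParameter` and `Writes.AllowMacro` at all. In the final paragraph, "any one off short-circuits" reads as if `Writes.AllowMacro` being off also blocks `PARAM:` writes; if the two kill switches are per tag kind, say which writes each one stops. The ACL list names PMC R/G/F while the caution above it mentions only G/R; the two should agree.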