Speaker
Lorenzo Masetti (CERN)
Description
The access control for the Human Machine Interfaces (HMIs) of CERN control systems is based on the access control component of the CERN-developed Joint Controls Project Framework. This component protects against non-malicious actions at the UI level and provides a role-based authorization mechanism to define the level of access for different users. In large control systems, the access control configuration becomes complex, requiring the integration of additional tools to assist with the setup and storage of the configuration data. We present a method to automate the configuration of the authorization data, including user accounts, roles, domains and privileges, from central CERN user-management resources. Following this approach, authorization, authentication and user management are completely delegated to existing identity management tools that are shared with other applications outside the control system.
Authors
Frank Glege (CERN)
Lorenzo Masetti (CERN)
Oliver Holme (ETH Zurich, Switzerland)
Piotr Golonka (CERN)
Raul Jimenez Estupinan (CERN)