esi-security

esi-security library provides helper functionality to create profiles and security references

Available functions

All functions have to be called according to the ESI standard, using colons, e.g. lib:FUNCTIONNAME(params)

HAS_SECURITY_REFERENCES

UPSERT_SECURITY_REFERENCES

SET_SECURITY_MASTER

SET_SECURITY_LOCAL

GET_PARENT_WITH_TYPE

GET_MASTER_CORE

GET_LOCAL_CORE

REAPPLY_EXISTING

Documentation

HAS_SECURITY_REFERENCES(refObject)

The method checks if an objects has security references and also returns which profiles have specific security references on the target object. This is especially useful for access validation in scripts.

Parameters

refObject

the inmation object that is checked for security references

Returns

  • bool true if object has security references

  • table table with all security references of this object

Usage

local LIB = require "esi-security"
local coreObj = syslib.getobject(syslib.getcorepath())
local hasSecRefs, secRefs = LIB:HAS_SECURITY_REFERENCES(coreObj)

UPSERT_SECURITY_REFERENCES(refObjects,profilesWithRefs)

This method upserts security references for list of provided objects, and will apply all provided profiles to each object.

Converts possible inherited references of parent to explicit reference to referenced object Add list references to parent if needed Add possible implicit list references of children to referenced object

Parameters

refObjects

List of inmation objects, that will receive security references

profiles

List of objects of type profile, in syslib.mass format.

Usage

The following script creates the security references for the Core in the I/O Model and a S95 Enterprise object in the ISA95 Equipment Model.

local LIB = require "esi-security"
local refObjects = { syslib.getobject(syslib.getcorepath()), syslib.getobject("/MY_ENTERPRISE") }
local ModelAccess = syslib.model.flags.ProfileModelAccess
local UserAccess = syslib.model.flags.ProfileUserAccessControl
local SecurityAtts = syslib.model.flags.SecurityAttributes
local profiles = {
{
["ObjectName"] = "Global-Readers",
class = syslib.model.classes.Profile,
["ProfileUserAccess"] = UserAccess.USR_ACC_CTRL_DATA_STUDIO | UserAccess.USR_ACC_CTRL_DATA_WEB,
["ProfileModelAccess"] = ModelAccess.PRF_MDL_ACC_IO | ModelAccess.PRF_MDL_ACC_KPI,
securityRefs = {
value = SecurityAtts.LIST | SecurityAtts.READ | SecurityAtts.INHERITABLE
}
}
}
LIB:UPSERT_SECURITY_REFERENCES(refObjects, profiles)

SET_SECURITY_MASTER(args)

This method creates profiles and security references for a Master-Core object, providing an access control preset.

Parameters

args

table containing method parameters

adname

Name for active directory, that created groups are part of.

groupprefix

Prefix for active directory groups.

emg_user

Username of an emergency user, that is unrelated to the active directory.

emg_user_description

Description for the emergency user.

hasEngineers

If non-nil, result will include 2 reader profiles (one with DataStudio 'readers', one without DataStudio permissions 'engineers'). If nil, the 'readers' profile has permissions for DataStudio.

spprefix

Prefix for service users. If not set, the prefix "FU" will be used.

Usage

local LIB = require "esi-security"
local args = {
adname = "mycorp.com",
groupprefix = "G-MYPREFIX",
emg_user = "emg_user",
emg_user_description = "this is the emergency user for mycorp.com",
}
LIB:SET_SECURITY_MASTER(args)

SET_SECURITY_LOCAL(args)

This method creates profiles and security references for a Local-Core object, providing an access control preset.

Parameters

args

table containing method parameters

adname

Name for active directory, that created groups are part of.

groupprefix

Prefix for active directory groups.

shortcode

Shortcode for the Local-Core object (shortcode == Core ObjectName)

hasEngineers

If non-nil, result will include 2 reader profiles (one with DataStudio 'readers', one without DataStudio permissions 'engineers'). If nil, the 'readers' profile has permissions for DataStudio.

spprefix

Prefix for service users. If not set, the prefix "FU" will be used.

hasVkpi

If non-nil, a VKPI profile will be created for each site

hasMES

If non-nil, an MES profile will be created for each site

Usage

local LIB = require "esi-security"
local args = {
adname = "mycorp.com",
groupprefix = "G-MYPREFIX",
shortcode = "MYSITE",
}
LIB:SET_SECURITY_LOCAL(args)

GET_PARENT_WITH_TYPE(classtype, obj)

Finds a parent of the given type recursively recursively

Parameters

classtype

The Object Type ID

obj

The instance of an system:inmation object

Usage

local LIB = require "esi-security"
LIB:GET_PARENT_WITH_TYPE(syslib.model.classes.Core, syslib.getobject(syslib.getcorepath() .. "/Connector"))

GET_MASTER_CORE()

This method returns the master core object

Usage

local LIB = require "esi-security"
local master = LIB:GET_MASTER_CORE()
master.ObjectDescription = "Master Core"
master:commit()

GET_LOCAL_CORE(shortCode)

Get a specific Local-Core object (shortCode == Core ObjectName)

Parameters

shortCode

The short code/name of the local core. If working with geo-codes might look similar to this: DECGN

Usage

This example can be run expecting that there is a local core installed called "MyNewLocalCore"

local LIB = require "esi-security"
local localCore = LIB:GET_LOCAL_CORE("MyNewLocalCore")
localCore.ObjectName = "DECGN"
localCore:commit()

REAPPLY_EXISTING(coreObj)

This method applies security references which the target core (master or local) holds to all of its connectors. This is especially useful when using SET_SECURITY_MASTER or SET_SECURITY_LOCAL beforehand.

Parameters

coreObj

The object which represents the core. See Usage for details.

Usage

The given example works for local cores too, replace syslib.getcorepath() with LIB:GET_LOCAL_CORE("LocalCoreObjectName")

local LIB = require "esi-security"
local coreObj = syslib.getcorepath()
LIB:REAPPLY_EXISTING(coreObj)