esi-security
esi-security library provides helper functionality to create profiles and security references
Available functions
All functions have to be called according to the ESI standard, using colons, e.g. lib:FUNCTIONNAME(params)
Documentation
HAS_SECURITY_REFERENCES(refObject)
The method checks if an objects has security references and also returns which profiles have specific security references on the target object. This is especially useful for access validation in scripts.
UPSERT_SECURITY_REFERENCES(refObjects,profilesWithRefs)
This method upserts security references for list of provided objects, and will apply all provided profiles to each object.
Converts possible inherited references of parent to explicit reference to referenced object Add list references to parent if needed Add possible implicit list references of children to referenced object
Usage
The following script creates the security references for the Core in the I/O Model and a S95 Enterprise object in the ISA95 Equipment Model.
local LIB = require "esi-security"
local refObjects = { syslib.getobject(syslib.getcorepath()), syslib.getobject("/MY_ENTERPRISE") }
local ModelAccess = syslib.model.flags.ProfileModelAccess
local UserAccess = syslib.model.flags.ProfileUserAccessControl
local SecurityAtts = syslib.model.flags.SecurityAttributes
local profiles = {
{
["ObjectName"] = "Global-Readers",
class = syslib.model.classes.Profile,
["ProfileUserAccess"] = UserAccess.USR_ACC_CTRL_DATA_STUDIO | UserAccess.USR_ACC_CTRL_DATA_WEB,
["ProfileModelAccess"] = ModelAccess.PRF_MDL_ACC_IO | ModelAccess.PRF_MDL_ACC_KPI,
securityRefs = {
value = SecurityAtts.LIST | SecurityAtts.READ | SecurityAtts.INHERITABLE
}
}
}
LIB:UPSERT_SECURITY_REFERENCES(refObjects, profiles)
SET_SECURITY_MASTER(args)
This method creates profiles and security references for a Master-Core object, providing an access control preset.
SET_SECURITY_LOCAL(args)
This method creates profiles and security references for a Local-Core object, providing an access control preset.
GET_LOCAL_CORE(shortCode)
Get a specific Local-Core object (shortCode == Core ObjectName)
REAPPLY_EXISTING(coreObj)
This method applies security references which the target core (master or local) holds to all of its connectors. This is especially useful when using SET_SECURITY_MASTER or SET_SECURITY_LOCAL beforehand.