ICALEPCS 2009
WEP101
Integrated Access Control for PVSS-based SCADA Systems at CERN
M.Gonzalez-Berges, P.Golonka* (CERN)
The protection of the PVSS-based Human-Machine-Interface parts of the Control Systems for the LHC accelerator and the experiments at CERN is implemented using the JCOP Framework Access Control component. It allows to protect from non-malicious activity (such as misuse due to operator's mistake) by enabling/disabling the elements of the User Interface. It extends the native PVSS mechanisms for user-authentication and makes the management of the role-based authorizations easy to configure and maintain. Ultimately, it enables the synchronization of the access-control related data across distributed systems, and allows to synchronize this data with central user-management resources at CERN (such as Active Directory), and automated creation of user accounts.