doc for 1.2.2

documentation/qsrvpage.dox

@@ -162,6 +162,23 @@ record(ai, "...") {
 }
 @endcode
 
+@subsection qsrv_aslib Access Security
+
+QSRV will enforce an optional access control policy file (.acf) loaded by the usual means (cf. asSetFilename() ).
+This policy is applied to both Single and Group PVs.  With Group PVs, restrictions are not defined for the group,
+but rather for the individual member records.  So the same policy will be applied regardess of how a record
+is accessed (individually, or through a group).
+
+Policy application differs from CA (RSRV) in several ways:
+
+* Client hostname is always the numeric IP address.  HAG() entries must either contained numeric IP addresses,
+or that asCheckClientIP=1 flag must be set to translate hostnames into IPs on ACF file load (effects CA server as well).
+This prevents clients from trivially forging "hostname".
+* In additional to client usernames.  UAG definitions may contained items beginning with "role/" which are matched
+against the list of groups of which the client username is a member.  Username to group lookup is done internally
+to QSRV, and depends on IOC host authentication configuration.  Note that this is still based on the client provided
+username string.
+
 @subsection qsrv_link PVAccess Links
 
 When built against Base >= 3.16.1, support is enabled for PVAccess links,

documentation/release_notes.dox

@@ -2,6 +2,13 @@
 
 @page release_notes Release Notes
 
+Release 1.2.2 (Nov 2019)
+========================
+
+- Changes
+ - Enforce Access Security policy.
+ - NTEnum .value field add missing "enum_t" type ID string.
+
 Release 1.2.1 (July 2019)
 =========================