epics-base/documentation/new-notes/PR-624.md

ACF Syntax Forward Compatibility

This update modifies the Access Security Configuration File (ACF) parser to standardize the ACF grammar for forward compatibility. All ACF definitions now adhere to a consistent syntax format, which will allow future additions to the access security language without breaking existing configurations. In practice, this means the structure of ACF files is now formally defined and will remain stable going forward, so any new grammar features will fit into the same pattern. (Existing ACF files continue to work as-is under the new parser, so no changes are required for legacy configurations or tools.).

Generic ACF Syntax: The ACF file consists of definitions for User Access Groups (UAG), Host Access Groups (HAG), and Access Security Groups (ASG), using the following general format (angle brackets denote placeholders):

UAG(<name>) [{ <user> [, <user> ...] }]
...

HAG(<name>) [{ <host> [, <host> ...] }]
...

ASG(<name>) [{
    [INP<index>(<pvname>)
     ...]

    RULE(<level>, NONE | READ | WRITE [, NOTRAPWRITE | TRAPWRITE]) {
        [UAG(<name> [, <name> ...])]
        [HAG(<name> [, <name> ...])]
        [CALC(<calculation>)]
    }
    ...
}]
...

Under this schema, each definition uses a keyword, a name in parentheses, and (optionally) a braced block of contents. This uniform structure ensures that future keywords or sections can be introduced in the same form, maintaining compatibility with the parser. For example, if a new type of condition or group is added in a later release, it would follow the KEYWORD(name) { ... } pattern, so 7.0.9-era parsers can handle or ignore it gracefully (instead of failing on unknown syntax).

Supported Syntax in EPICS 7.0.9: The current release defines the following specific elements within the above generic format:

• UAG -- User Access Group. Defines a group of user names.
• HAG -- Host Access Group. Defines a group of host names (or IP addresses) that clients can connect from.
• ASG -- Access Security Group. Defines a security group which records can be assigned to. An ASG entry may contain a block with input definitions and access rules. For example:

ASG(MyGroup) {
    INPA(myPV1)
    INPB(myPV2)
    RULE(1, WRITE) { ... }
    RULE(1, READ) { ... }
}

If no rules are defined for an ASG, access defaults to always allowed.

• INP() -- Input link. Declares an input process variable whose value can be used in a CALC condition.
• RULE(, [, ]) { ... } -- Defines an access rule for the ASG.

Inside the curly braces of a RULE, optional conditions can restrict when that rule applies. All conditions that are present must be satisfied (they function as a logical AND):

• UAG(, ...) -- User-group condition. The rule only applies if the Channel Access client's user is a member of one of the listed UAGs.
• HAG(, ...) -- Host-group condition. The rule only applies if the client's host (as determined by its IP or hostname) is in one of the listed HAGs
• CALC("") -- Calculation condition. The rule only applies if the given expression evaluates to true (non-zero).

Special Semantics for RULEs: Rules will continue to allow the prescribed access if and only if all the predicates the rule contains are satisfied.

• If the rule contains predicates that are unknown to the parser (future functionality), then the rule will NOT not match - but no syntax error will be reported as long as the syntax is correct.
• If the rule contains predicates that the parser does not recognise which are malformed (e.g. missing parentheses), then the rule will not match and the parser will report a syntax error.
• In this way rules can be extended with new predicates without breaking older clients or giving those older clients elevated privileges.

Special Semantics unrecognised ACF file elements: Any new elements that are added to the ACF file will be ignored silently by a parser that does not understand them.

• If a new element is added to the ACF file that is not understood by the parser, the parser will simply ignore it silently, without reporting an error, as long as the syntax is correct.
• If new elements are added to the ACF file that are malformed (e.g. missing parentheses), then the parser will report a syntax error.
• In this way new elements can be added to ACF files without breaking older clients.

In summary, ACF forward compatibility means that from EPICS 7.0.9 onward, any new access security features will use this established syntax. The parser will recognize new group types or rule options by the same (...) { ... } convention, ensuring they can be added without breaking older files or requiring a new parser. This change does not require any modifications to existing ACF files or downstream tools -- all legacy syntax remains valid, and the new standardized grammar simply provides a robust foundation for future extensions.

---

Full Language Specification:

Lexical tokens

Ignored stuff

• Whitespace: space, tab, \r (carriage return) -- may appear between tokens.

• Newlines: \n -- same as whitespace for syntax, but tracked for error messages.

• Comments: # ... end of line -- ignored.

Terminals

• UAG → literal string "UAG"
• HAG → "HAG"
• ASG → "ASG"
• RULE → "RULE"
• CALC → "CALC"
• INP(link) → literal "INP" followed immediately by one uppercase letter A-U

    link-letter  ::= "A" | "B" | ... | "U"
    INP(link)    ::= "INP" link-letter

• INT → integer literal

    INT ::= [ "+" | "-" ]? DIGIT+
    DIGIT ::= "0" | "1" | ... | "9"

• FLOAT → floating-point literal with decimal point

    FLOAT ::= [ "+" | "-" ]? DIGIT* "." DIGIT+ [ ( "e" | "E" ) [ "+" | "-" ] DIGIT+ ]?

• STRING → either
  • unquoted: one or more of

        NAMECHAR ::= letter | digit | "_" | "-" | "+" | ":" | "." | "[" | "]" | "<" | ">" | ";"
        STRING(unquoted) ::= NAMECHAR+

• • quoted:

        STRING(quoted) ::= '"' { STRINGCHAR | ESCAPE } '"'
        STRINGCHAR     ::= any char except '"' "\" "\n"
        ESCAPE         ::= "\" any-char

    The surrounding quotes are stripped; escapes are kept literal at parse level.

• Punctuation tokens (single-character terminals):

    "("  ")"  "{"  "}"  ","

---

Grammar

Top level

acf-file ::= asconfig ;

asconfig ::= asconfig-item { asconfig-item } ;

asconfig-item ::=
      uag-def
    | hag-def
    | asg-def
    | generic-top-level-item ;

UAG / HAG groups

uag-def ::= "UAG" uag-head [ uag-body ] ;

uag-head ::= "(" STRING ")" ;

uag-body ::= "{" uag-user-list "}" ;

uag-user-list ::= STRING { "," STRING } ;

hag-def ::= "HAG" hag-head [ hag-body ] ;

hag-head ::= "(" STRING ")" ;

hag-body ::= "{" hag-host-list "}" ;

hag-host-list ::= STRING { "," STRING } ;

ASG (access security group)

asg-def ::= "ASG" asg-head [ asg-body ] ;

asg-head ::= "(" STRING ")" ;

asg-body ::= "{" asg-body-item { asg-body-item } "}" ;

asg-body-item ::=
      inp-config
    | rule-config ;

INP config

inp-config ::= INP(link) "(" STRING ")" ;`

RULE config

rule-config ::= "RULE" rule-head [ rule-body ] ;

rule-head ::=
      "(" rule-head-mandatory "," rule-log-option ")"
    | "(" rule-head-mandatory ")" ;

rule-head-mandatory ::= INT "," STRING ;

rule-log-option ::= STRING ;

rule-body ::= "{" rule-list "}" ;

rule-list ::= rule-list-item { rule-list-item } ;

rule-list-item ::=
      "UAG" "(" rule-uag-list ")"
    | "HAG" "(" rule-hag-list ")"
    | "CALC" "(" STRING ")"
    | rule-generic-block-elem ;

rule-uag-list ::= STRING { "," STRING } ;

rule-hag-list ::= STRING { "," STRING } ;`

Generic / future-proof syntax

These are the "catch-all" constructs that are parsed but currently ignored semantically.

Keyword classes

These are parser-level categories used inside generic constructs:

keyword ::=
      "UAG"
    | "HAG"
    | "CALC"
    | non-rule-keyword ;

non-rule-keyword ::=
      "ASG"
    | "RULE"
    | INP(link) ;   (* INPA..INPU *)

Generic head (argument list)

generic-head ::=
      "(" ")"
    | "(" generic-element ")"
    | "(" generic-list ")" ;

generic-list ::= generic-element "," generic-element { "," generic-element } ;

generic-element ::=
      keyword
    | STRING
    | INT
    | FLOAT ;

Generic blocks

generic-block ::=
      "{" generic-element "}"
    | "{" generic-list "}"
    | "{" generic-block-list "}" ;

generic-block-list ::= generic-block-elem { generic-block-elem } ;

generic-block-elem ::=
    generic-block-elem-name generic-head [ generic-block ] ;

generic-block-elem-name ::= keyword | STRING ;`

Generic top-level items

These are "unknown" top-level constructs, all of which are parsed and then ignored with a warning.

generic-top-level-item ::=
      STRING generic-head generic-list-block
    | STRING generic-head generic-block
    | STRING generic-head ;

where

generic-list-block ::=
    "{" generic-element "}" "{" generic-list "}" ;

Generic blocks inside RULE bodies

These are the "future predicates" in a RULE's body; they cause the RULE to be disabled with a warning, but they must still parse.

rule-generic-block-elem ::=
    rule-generic-block-elem-name generic-head [ generic-block ] ;

rule-generic-block-elem-name ::= non-rule-keyword | STRING ;