diff --git a/iocBoot/accessSecurity.acf b/iocBoot/accessSecurity.acf
new file mode 100644
index 0000000000000000000000000000000000000000..67da154a15630db7900a6704d94dc71ee569be2a
--- /dev/null
+++ b/iocBoot/accessSecurity.acf
@@ -0,0 +1,35 @@
+HAG(local) {mooneylinux.aps.anl.gov}
+HAG(remote) {iocxxx, ioctim.aps.anl.gov}
+UAG(owner) {mooney}
+UAG(user) {bcda1, epicsadm, vw5}
+
+ASG(DEFAULT) {
+	INPA($(P)AS_OnOff)
+	INPB($(P)LocalAccess)
+	INPC($(P)RemoteAccess)
+	RULE(1,READ)
+	RULE(1,WRITE) {
+# write access for everybody if AS_OnOff is off
+		CALC("A=1")
+	}
+	RULE(1,WRITE) {
+# write access for owner and user on a local host if LocalAccess==1
+		HAG(local)
+		UAG(owner, user)
+		CALC("B>.5")
+	}
+	RULE(1,WRITE){
+# write access for user on remote host if RemoteAccess==1
+		UAG(user)
+		HAG(remote)
+		CALC("C=1")
+	} 
+}
+
+ASG(controlFields) {
+	RULE(1,READ)
+	RULE(0,WRITE) {
+		UAG(owner)
+	}
+	
+}
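Review bot: The first `RULE(1,WRITE)` in `ASG(DEFAULT)` has no `UAG` or `HAG`, so every Channel Access client gets write access whenever `$(P)AS_OnOff` equals 1, yet its comment says this applies when AS_OnOff is "off" while the expression is `CALC("A=1")`. Which numeric value means "off" is set in the record definition, which is not part of this diff, so the comment should state it, e.g. `# A=1 means access security is switched off: write access for everybody`. The rules are driven by `$(P)AS_OnOff`, `$(P)LocalAccess` and `$(P)RemoteAccess`, so those records should be assigned to `ASG(controlFields)` rather than left in `DEFAULT`; otherwise any client that can write under `DEFAULT` can also flip the switches. The user and host names matched by `UAG`/`HAG` are reported by the client, so a header comment should say that this file guards against accidental writes and does not authenticate users.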