Difference between revisions of "uaCap:UserAuthorization"

From UaCapabilities
 
Line 1: Line 1:
 
{{CapabilityUri|/Security/User-Authorization}}
 
{{CapabilityUri|/Security/User-Authorization}}
 
'''Description'''
 
'''Description'''
<br>Manage user roles to restrict or control access to OPC UA data.
+
<br>Manage user roles to restrict or control OPC UA access to resources represented by a Server.
OPC UA does not specify how user or Client Authorization is to be provided.
+
<br>The way how users are managed and how authorization is actually performed (e.g. using role-based authorization) is outside the scope of OPC UA.
  
 
'''Usage Considerations'''
 
'''Usage Considerations'''
<br>Restrict certain features to specialists.
+
* Restrict certain features to specialists.
 +
* Authorization can be as coarse-grained as allowing some users full access and others only read access. It can also be much finer grained such as allowing specific actions on specific resources by specific users or roles.
  
{{uaConformance|TBD <!-- Client -->|
+
{{uaConformance|<no specific requirement>|
TBD <!-- Server -->
+
* Provide means to administer users and their access permissions.
<!-- Example
+
* Expose user-specific permissions via the UserAccessLevel attribute.
* [http://opcfoundation.org/UA-Profile/Server/GlobalCertificateManagement '''Global Certificate Management Server Profile''']
+
* Provide the configured authorization for the respective Services. E.g. reject writing values or calling methods if not allowed for the current user.  
* [http://opcfoundation.org/UA-Profile/Client/GlobalCertificateManagement '''Global Certificate Management Client Profile''']
+
-->
+
 
}}
 
}}
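Review bot: the added Server item "Expose user-specific permissions via the UserAccessLevel attribute" covers only Variable values, while the item after it also requires rejecting method calls for users who are not allowed. Consider naming the UserExecutable attribute (Method nodes) and UserWriteMask (attribute writes) alongside UserAccessLevel so that what the Server exposes matches what it enforces. In the new Description line, "The way how users are managed" would read better as "How users are managed".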

Latest revision as of 13:44, 10 February 2015

URN: https://opcfoundation.org/wiki/index.php/Security/User-Authorization

Description
Manage user roles to restrict or control OPC UA access to resources represented by a Server.
How users are managed and how authorization is actually performed (e.g. using role-based authorization) is outside the scope of OPC UA.

Usage Considerations

  • Restrict certain features to specialists.
  • Authorization can be as coarse-grained as allowing some users full access and others only read access. It can also be much finer-grained, such as allowing specific actions on specific resources by specific users or roles.

Conformance Testing

Client

<no specific requirement>

Server

  • Provide means to administer users and their access permissions.
  • Expose user-specific permissions via the UserAccessLevel attribute.
  • Provide the configured authorization for the respective Services. E.g. reject writing values or calling methods if not allowed for the current user.
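
The three Server items above, sketched as an added example (not OPC Foundation code and not any SDK's API): role grants are administered per node, exposed as a UserAccessLevel bitmask, and enforced in Write and Call. The users, roles and node names are constructed; the bit values and status code names follow the OPC UA specification.

```python
# Added example: role-based authorization in a toy OPC UA-style server.
# Users, roles and node ids below are constructed for illustration.
from dataclasses import dataclass

CURRENT_READ, CURRENT_WRITE = 0x01, 0x02   # AccessLevel / UserAccessLevel bits

@dataclass
class Variable:
    value: object
    access_level: int     # what the node permits for anyone
    role_access: dict     # role -> granted bits (the administered permissions)

@dataclass
class Method:
    executable: bool
    roles_allowed: frozenset

USERS = {"alice": {"Engineer"}, "bob": {"Observer"}}   # user -> roles

NODES = {
    "Pump1.Setpoint": Variable(50.0, CURRENT_READ | CURRENT_WRITE,
        {"Engineer": CURRENT_READ | CURRENT_WRITE, "Observer": CURRENT_READ}),
    "Pump1.Reset": Method(True, frozenset({"Engineer"})),
}

def user_access_level(user, node_id):
    """Union of the user's role grants, masked by the node's AccessLevel."""
    node = NODES[node_id]
    bits = 0
    for role in USERS.get(user, ()):   # unknown user has no roles: default deny
        bits |= node.role_access.get(role, 0)
    return bits & node.access_level    # never exceeds what the node allows

def write(user, node_id, value):
    """Write service check: node-level limit first, then the per-user limit."""
    node = NODES[node_id]
    if not node.access_level & CURRENT_WRITE:
        return "Bad_NotWritable"
    if not user_access_level(user, node_id) & CURRENT_WRITE:
        return "Bad_UserAccessDenied"
    node.value = value
    return "Good"

def call(user, node_id):
    """Call service check: the caller needs at least one allowed role."""
    node = NODES[node_id]
    if not node.executable:
        return "Bad_NotExecutable"
    if not USERS.get(user, set()) & node.roles_allowed:
        return "Bad_UserAccessDenied"
    return "Good"
```

Computing the exposed mask and the enforcement decision from the same role table keeps what a Client reads in UserAccessLevel consistent with what the Server actually rejects.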