uaCap:UserAuthorization

From UaCapabilities
Revision as of 13:44, 10 February 2015 by Karl (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

URN:          https://opcfoundation.org/wiki/index.php/Security/User-Authorization

Description
Manage user roles to restrict or control OPC UA access to resources represented by a Server.
The way how users are managed and how authorization is actually performed (e.g. using role-based authorization) is outside the scope of OPC UA.

Usage Considerations

  • Restrict certain features to specialists.
  • Authorization can be as coarse-grained as allowing some users full access and others only read access. It can also be much finer grained such as allowing specific actions on specific resources by specific users or roles.

Conformance Testing

Client Server

<no specific requirement>

  • Provide means to administer users and their access permissions.
  • Expose user-specific permissions via the UserAccessLevel attribute.
  • Provide the configured authorization for the respective Services. E.g. reject writing values or calling methods if not allowed for the current user.