UaModeler
1.6.3.454
|
This tutorial describes how to specify NodeAccessInfo for a node on a server based on the .NET based OPC UA SDK.
Create a new project as described in steps 1–5 of HowTo: Create a New UaModeler Project With a Method first.
NodeAccessInfo has to be enabled first. Choose Settings → *Edit Settings…" from the context menu. Expand the section “Modeling”. Then check the box “NodeAccessInfo enabled” under “Editing of NodeAccessInfo”. We have to choose “Role – Role” from the drop-down menu, because this is the only mode that the .NET SDK supports. Finally, check the box “Add Default Roles”. We will use them in the next step.
Right-click on the Objects folder in the Information Model window and select “Add Instance” from the context menu.
If necessary, switch to the Types View and expand the section “Instance”. Enter the following settings (see screenshot):
To specify NodeAccessInfo for the newly created node, select it in the Information Model Window and switch to the Extensions View. Then expand the section “NodeAccessInfo” if necessary.
First, we have to check “Specify NodeAccessInfo”; otherwise all settings are grayed out. Then select “Operator” from the drop-down menu for “Role1” and “Observer” for “Role2”. You can now check the boxes in the selected columns.
Now we can set the NodeAccessInfo. Set the following permissions (see screenshot) by checking the respective boxes:
Note that the boxes for both other roles are automatically checked as soon as you check “Other” in any row. This is intentional.
Confirm your choices with “OK”. Then save your project.
Generate code for your project as shown in Step 9: Generating Code of HowTo: Create a New UaModeler Project With a Method.
Open the generated project file (in our case named NodeAccessInfoExample.csproj) in Visual Studio.
We have to add an ImpersonateUser event handler to TestServerManager.cs.
First we add the OPC UA Base Library:
Then we add the event handler to the method OnRootNodeManagerStarted:
For this example, we’re using the following users and passwords.
UserName | Password |
---|---|
john | master |
joe | god |
The user john will have the roles “Operator” and “Observer”, user joe only “Observer”.
Add the following method:
Finally, we have to prepare the creation of a certificate. Copy the application Opc.Ua.CertificateGenerator.exe from [SDK Installation Directory]\bin to the folder bin next to the Visual Studio solution.
Then open the file Program.cs and add the line
above of
Now we are ready to compile the server.
To test the implementation, start the server and connect with UaExpert.
Select the variable as anonymous user. As we haven’t granted Read access to “Other”, the status code “BadUserAccessDenied” is shown in the Attributes Window (see screenshot).
Now change the user to joe (choose Server → Change User…. As john has the permission to read the variable, the status code is “Good” and the value is shown (see screenshot).
When trying to write the value (double-click on the cell and enter a new value), the value doesn’t change and the log window shows the following message from the server:
Write to node 'NS2|Numeric|6002' failed [ret = BadUserAccessDenied].
This behaviour is expected, as joe has the role “Observer”, who are only allowed to read, but not to write the variable.
Now we change the user to john and try to write the variable once more. John has the role “Operator” in additon to “Observer”. As john has the permission to write the value, the log window shows
Write to node 'NS2|Numeric|6002' succeeded [ret = Good].