C++ Based OPC UA Client/Server/PubSub SDK  1.7.6.537
NodeAccessInfo Class Reference (abstract)

Class for the user access flags of a node in the address space.

#include <nodeaccessinfo.h>

Inherits ReferenceCounter.

Inherited by NodeAccessInfoBase.

Public Types

enum  PermissionFlags {
  PERMISSION_NONE = 0x00000000, PERMISSION_BROWSE = 0x00000001, PERMISSION_READROLEPERMISSIONS = 0x00000002, PERMISSION_WRITEATTRIBUTE = 0x00000004,
  PERMISSION_WRITEROLEPERMISSIONS = 0x00000008, PERMISSION_WRITEHISTORIZING = 0x00000010, PERMISSION_READ = 0x00000020, PERMISSION_WRITE = 0x00000040,
  PERMISSION_READHISTORY = 0x00000080, PERMISSION_INSERTHISTORY = 0x00000100, PERMISSION_MODIFYHISTORY = 0x00000200, PERMISSION_DELETEHISTORY = 0x00000400,
  PERMISSION_RECEIVEEVENTS = 0x00000800, PERMISSION_CALL = 0x00001000, PERMISSION_ADDREFERENCE = 0x00002000, PERMISSION_REMOVEREFERENCE = 0x00004000,
  PERMISSION_DELETENODE = 0x00008000, PERMISSION_ADDNODE = 0x00010000, PERMISSION_OBSERVATION = PERMISSION_BROWSE | PERMISSION_READ | PERMISSION_READHISTORY | PERMISSION_RECEIVEEVENTS, PERMISSION_OPERATION = PERMISSION_OBSERVATION | PERMISSION_WRITE | PERMISSION_CALL,
  PERMISSION_OBSERVATION_VARIABLE = PERMISSION_BROWSE | PERMISSION_READ | PERMISSION_READHISTORY, PERMISSION_OPERATION_VARIABLE = PERMISSION_OBSERVATION_VARIABLE | PERMISSION_WRITE, PERMISSION_OBSERVATION_METHOD = PERMISSION_BROWSE, PERMISSION_OPERATION_METHOD = PERMISSION_OBSERVATION_METHOD | PERMISSION_CALL,
  PERMISSION_OBSERVATION_OBJECT = PERMISSION_BROWSE | PERMISSION_READHISTORY | PERMISSION_RECEIVEEVENTS, PERMISSION_OPERATION_OBJECT = PERMISSION_OBSERVATION_OBJECT | PERMISSION_CALL, PERMISSION_ALL = 0x0001FFFF
}
 Definition of the PermissionType Enumeration defining the permissions of the NodeAccessInfo.
 
enum  RestrictionFlags {
  RESTRICTION_NONE = 0x00, RESTRICTION_SIGNING_REQUIRED = 0x01, RESTRICTION_SIGN_AND_ENCRYPT_REQUIRED = 0x03, RESTRICTION_SESSION_REQUIRED = 0x04,
  RESTRICTION_APPLY_TO_BROWSE = 0x08, RESTRICTION_ALL = 0x0F, RESTRICTION_REQUIRED_MASK = RESTRICTION_SIGN_AND_ENCRYPT_REQUIRED | RESTRICTION_SESSION_REQUIRED
}
 Definition of the RestrictionFlags Enumeration defining possible restrictions to access a resource.
 

Public Member Functions

virtual UaStatus hasAccess (const SessionUserContext *pUserContext, Permissions requestedPermissions, AccessRestrictions availableFlags) const =0
 Check if access to a requested operation is granted for a specific SessionUserContext.
 
virtual bool hasAccess (const SessionUserContext *pUserContext, Permissions requestedPermissions) const =0
 Check if access to a requested operation is granted for a specific SessionUserContext.
 
virtual AccessRestrictions accessRestrictions () const =0
 Return the RestrictionFlags for the NodeAccessInfo.
 
virtual UaRolePermissionTypes getRolePermissions () const =0
 Return all RolePermissions configured for the NodeAccessInfo.
 
virtual UaRolePermissionTypes getUserRolePermissions (const SessionUserContext *pUserContext) const =0
 Return all RolePermissions configured for the NodeAccessInfo for a specific user.
 
Public Member Functions inherited from ReferenceCounter
 ReferenceCounter ()
 construction
 
virtual ~ReferenceCounter ()
 destruction
 

Static Public Member Functions

static UaStatus checkAccess (const Session *pSession, const NodeAccessInfo *pNodePermissions, const NodeAccessInfo *pDefaultPermissions, Permissions requestedPermissions)
 Helper method to easily check access based on a session context.
 
static AccessRestrictions accessRestrictionsFromSession (const Session *pSession)
 Helper method to extract the available RestrictionFlags from the SessionContext.
 

Detailed Description

Class for the user access flags of a node in the address space.

OPC UA defines different information model elements like Objects, Variables, Methods and Events and different services to access the information. This access can be restricted based on the user that tries to access the information. The user authentication is done during the Session creation and the user information is stored in the Session using the class SessionUserContext.

The access masks and the authorized user and group are stored in the UaNode with the class NodeAccessInfo. The information from SessionUserContext and NodeAccessInfo is used to determine if the requested operation like Read, Write or Browse can be executed.

The different permissions are defined by the PermissionType.

The different masks are defined by AccessMask.

The class is reference counted. After creation, the reference counter is 1. If the NodeAccessInfo is set on a node with UaNode::attachAccessInfo(), the reference counter is not incremented and the node takes ownership of the one reference. If you want to set NodeAccessInfo on additional nodes, the method UaNode::setAccessInfo() is used. It increments the reference counter of NodeAccessInfo.

Member Enumeration Documentation

Definition of the PermissionType Enumeration defining the permissions of the NodeAccessInfo.

PermissionFlags enumeration

Enumerator
PERMISSION_NONE 

No access to any attribute or reference of the Node

PERMISSION_BROWSE 

See references to and from the Node. This includes reading all attributes other than Value and RolePermissions

PERMISSION_READROLEPERMISSIONS 

Read access to the attribute RolePermissions

PERMISSION_WRITEATTRIBUTE 

Write access to the attributes other than Value, Historizing and RolePermissions if the WriteMask indicates that the Attribute is writeable

PERMISSION_WRITEROLEPERMISSIONS 

Write access to the attribute RolePermissions if the WriteMask indicates that the Attribute is writeable

PERMISSION_WRITEHISTORIZING 

Write access to the attribute Historizing if the WriteMask indicates that the Attribute is writeable

PERMISSION_READ 

Read access to the Value attribute

PERMISSION_WRITE 

Write access to the Value attribute

PERMISSION_READHISTORY 

Read history associated with the Node

PERMISSION_INSERTHISTORY 

Insert history associated with the Node

PERMISSION_MODIFYHISTORY 

Modify history associated with the Node

PERMISSION_DELETEHISTORY 

Delete history associated with the Node

PERMISSION_RECEIVEEVENTS 

Receive events rights

PERMISSION_CALL 

Execute method call rights

PERMISSION_ADDREFERENCE 

Allow adding references to the Node

PERMISSION_REMOVEREFERENCE 

Allow removing references to / from the Node

PERMISSION_DELETENODE 

Allow deleting the Node

PERMISSION_ADDNODE 

Allow adding Nodes to the Namespace. Only used for RolePermissions Properties of the NamespaceMetadata object

PERMISSION_OBSERVATION 

Typical access permissions for an observer role

PERMISSION_OPERATION 

Typical access permissions for an operator role

PERMISSION_OBSERVATION_VARIABLE 

Typical access permissions for an observer role for a variable

PERMISSION_OPERATION_VARIABLE 

Typical access permissions for an operator role for a variable

PERMISSION_OBSERVATION_METHOD 

Typical access permissions for an observer role for a method

PERMISSION_OPERATION_METHOD 

Typical access permissions for an operator role for a method

PERMISSION_OBSERVATION_OBJECT 

Typical access permissions for an observer role for an object

PERMISSION_OPERATION_OBJECT 

Typical access permissions for an operator role for an object

PERMISSION_ALL 

Full access

Definition of the RestrictionFlags Enumeration defining possible restrictions to access a resource.

RestrictionFlags enumeration

Enumerator
RESTRICTION_NONE 

No requirements for access

RESTRICTION_SIGNING_REQUIRED 

Access requires message signing

RESTRICTION_SIGN_AND_ENCRYPT_REQUIRED 

Access requires message signing and encryption

RESTRICTION_SESSION_REQUIRED 

Access requires a session

RESTRICTION_APPLY_TO_BROWSE 

Also apply the restriction flags to the Browse service

RESTRICTION_ALL 

Require all flags above

RESTRICTION_REQUIRED_MASK 

Mask to just use the 'Required' flags i.e. not RESTRICTION_APPLY_TO_BROWSE

Member Function Documentation

virtual AccessRestrictions NodeAccessInfo::accessRestrictions ( ) const
pure virtual

Return the RestrictionFlags for the NodeAccessInfo.

Returns
The bitwise OR combination of the RestrictionFlags

Implemented in NodeAccessInfoBase.

static AccessRestrictions NodeAccessInfo::accessRestrictionsFromSession ( const Session *pSession )
inline static

Helper method to extract the available RestrictionFlags from the SessionContext.

  • If the Session is not SessionLess, the flag RESTRICTION_SESSION_REQUIRED is set.
  • If the MessageSecurityMode of the Session includes signing, the flag RESTRICTION_SIGNING_REQUIRED is set.
  • If the MessageSecurityMode of the Session includes encryption, the flag RESTRICTION_SIGN_AND_ENCRYPT_REQUIRED is set.

Parameters
pSession: The session context.
Returns
The bitwise OR combination of the RestrictionFlags described above.

static UaStatus NodeAccessInfo::checkAccess ( const Session *pSession,
const NodeAccessInfo *pNodePermissions,
const NodeAccessInfo *pDefaultPermissions,
Permissions  requestedPermissions
)
inline static

Helper method to easily check access based on a session context.

The precedence of the checks is:

  1. Check the NodePermissions if set
  2. Check the DefaultPermissions if set

Parameters
pSession: The session context providing access to the SessionUserContext. The SessionUserContext is needed to check the permissions (NodePermissions and DefaultPermissions).
pNodePermissions: The NodeAccessInfo to validate.
pDefaultPermissions: The default NodeAccessInfo to validate.
requestedPermissions: PermissionFlags specifying what kind of permissions are requested.
Returns
Good when access is granted, otherwise a specific error indicating why the access is denied.
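
The flag arithmetic behind accessRestrictionsFromSession() and checkAccess(), as an added example that is not SDK code. ModelSession, ModelAccessInfo, RolePermission and the free functions are hypothetical stand-ins; the subset comparisons, the Browse exemption (inferred from RESTRICTION_APPLY_TO_BROWSE) and the deny result when neither NodeAccessInfo is set are assumptions of this model. Only the flag values and the documented precedence come from this page.

```cpp
#include <cstdint>
#include <vector>

// Flag values copied from the PermissionFlags / RestrictionFlags enums on this page.
enum : uint32_t { PERMISSION_BROWSE = 0x01, PERMISSION_READ = 0x20, PERMISSION_WRITE = 0x40 };
enum : uint32_t {
    RESTRICTION_NONE = 0x00, RESTRICTION_SIGNING_REQUIRED = 0x01,
    RESTRICTION_SIGN_AND_ENCRYPT_REQUIRED = 0x03, RESTRICTION_SESSION_REQUIRED = 0x04,
    RESTRICTION_APPLY_TO_BROWSE = 0x08,
    RESTRICTION_REQUIRED_MASK = RESTRICTION_SIGN_AND_ENCRYPT_REQUIRED | RESTRICTION_SESSION_REQUIRED
};

// Hypothetical stand-ins for Session and NodeAccessInfo; these are not SDK types.
enum class SecurityMode { None, Sign, SignAndEncrypt };
struct ModelSession { bool sessionLess; SecurityMode mode; std::vector<int> roleIds; };
struct RolePermission { int roleId; uint32_t permissions; };
struct ModelAccessInfo { uint32_t restrictions; std::vector<RolePermission> rolePermissions; };

// Follows the three bullets documented for accessRestrictionsFromSession().
uint32_t availableRestrictions(const ModelSession& s) {
    uint32_t flags = RESTRICTION_NONE;
    if (!s.sessionLess) flags |= RESTRICTION_SESSION_REQUIRED;
    if (s.mode == SecurityMode::Sign) flags |= RESTRICTION_SIGNING_REQUIRED;
    if (s.mode == SecurityMode::SignAndEncrypt) flags |= RESTRICTION_SIGN_AND_ENCRYPT_REQUIRED;
    return flags;
}

// Assumed semantics: all required restriction bits must be available, and every
// requested permission bit must be granted by a role the user holds.
bool hasAccess(const ModelAccessInfo& info, const ModelSession& s, uint32_t requested) {
    uint32_t required = info.restrictions & RESTRICTION_REQUIRED_MASK;
    // Restrictions reach Browse only when RESTRICTION_APPLY_TO_BROWSE is set.
    if (requested == PERMISSION_BROWSE && !(info.restrictions & RESTRICTION_APPLY_TO_BROWSE))
        required = RESTRICTION_NONE;
    if ((availableRestrictions(s) & required) != required) return false;
    uint32_t granted = 0;
    for (const RolePermission& rp : info.rolePermissions)
        for (int id : s.roleIds)
            if (id == rp.roleId) granted |= rp.permissions;
    return (granted & requested) == requested;
}

// Precedence documented for checkAccess(): node permissions if set, else defaults.
// Assumption: when neither is set, this model denies (the page does not say).
bool checkAccess(const ModelSession& s, const ModelAccessInfo* node,
                 const ModelAccessInfo* defaults, uint32_t requested) {
    if (node) return hasAccess(*node, s, requested);
    return defaults ? hasAccess(*defaults, s, requested) : false;
}
```

Because RESTRICTION_SIGN_AND_ENCRYPT_REQUIRED is 0x03, it contains the signing bit: in this model a Sign-only session offers 0x05 and fails a node that requires encryption, while an encrypted session offers 0x07 and also satisfies RESTRICTION_SIGNING_REQUIRED.
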
virtual UaRolePermissionTypes NodeAccessInfo::getRolePermissions ( ) const
pure virtual

Return all RolePermissions configured for the NodeAccessInfo.

A RolePermission is a combination of a RoleId and a number of PermissionFlags.

Returns
A list of all RolePermissions configured for the NodeAccessInfo

Implemented in NodeAccessInfoBase.

virtual UaRolePermissionTypes NodeAccessInfo::getUserRolePermissions ( const SessionUserContext *pUserContext ) const
pure virtual

Return all RolePermissions configured for the NodeAccessInfo for a specific user.

A RolePermission consists of RoleId and a number of PermissionFlags.

Parameters
pUserContext: The SessionUserContext gives access to a list of RoleIds associated with a user.
Returns
A list of all RolePermissions configured for the NodeAccessInfo

Implemented in NodeAccessInfoBase.

virtual UaStatus NodeAccessInfo::hasAccess ( const SessionUserContext *pUserContext,
Permissions  requestedPermissions,
AccessRestrictions  availableFlags 
) const
pure virtual

Check if access to a requested operation is granted for a specific SessionUserContext.

The requested permission can be a single flag or a combination of PermissionFlags.

Parameters
pUserContext: The SessionUserContext gives access to a list of RoleIds associated with a user.
requestedPermissions: The requested permission can be a single flag or a combination of PermissionFlags.
availableFlags: The RestrictionFlags that are available from the session.
Returns
True if access is granted. Otherwise false.

Implemented in NodeAccessInfoBase.

virtual bool NodeAccessInfo::hasAccess ( const SessionUserContext *pUserContext,
Permissions  requestedPermissions 
) const
pure virtual

Check if access to a requested operation is granted for a specific SessionUserContext.

The requested permission can be a single flag or a combination of PermissionFlags.

Parameters
pUserContext: The SessionUserContext gives access to a list of RoleIds associated with a user.
requestedPermissions: The requested permission can be a single flag or a combination of PermissionFlags.
Returns
True if access is granted. Otherwise false.

Implemented in NodeAccessInfoBase.

