C++ Based OPC UA Client/Server/PubSub SDK
1.7.6.537
Class for the user access flags of a node in the address space.
#include <nodeaccessinfo.h>
Inherits ReferenceCounter.
Inherited by NodeAccessInfoBase.
Public Types
enum PermissionFlags {
    PERMISSION_NONE = 0x00000000,
    PERMISSION_BROWSE = 0x00000001,
    PERMISSION_READROLEPERMISSIONS = 0x00000002,
    PERMISSION_WRITEATTRIBUTE = 0x00000004,
    PERMISSION_WRITEROLEPERMISSIONS = 0x00000008,
    PERMISSION_WRITEHISTORIZING = 0x00000010,
    PERMISSION_READ = 0x00000020,
    PERMISSION_WRITE = 0x00000040,
    PERMISSION_READHISTORY = 0x00000080,
    PERMISSION_INSERTHISTORY = 0x00000100,
    PERMISSION_MODIFYHISTORY = 0x00000200,
    PERMISSION_DELETEHISTORY = 0x00000400,
    PERMISSION_RECEIVEEVENTS = 0x00000800,
    PERMISSION_CALL = 0x00001000,
    PERMISSION_ADDREFERENCE = 0x00002000,
    PERMISSION_REMOVEREFERENCE = 0x00004000,
    PERMISSION_DELETENODE = 0x00008000,
    PERMISSION_ADDNODE = 0x00010000,
    PERMISSION_OBSERVATION = PERMISSION_BROWSE | PERMISSION_READ | PERMISSION_READHISTORY | PERMISSION_RECEIVEEVENTS,
    PERMISSION_OPERATION = PERMISSION_OBSERVATION | PERMISSION_WRITE | PERMISSION_CALL,
    PERMISSION_OBSERVATION_VARIABLE = PERMISSION_BROWSE | PERMISSION_READ | PERMISSION_READHISTORY,
    PERMISSION_OPERATION_VARIABLE = PERMISSION_OBSERVATION_VARIABLE | PERMISSION_WRITE,
    PERMISSION_OBSERVATION_METHOD = PERMISSION_BROWSE,
    PERMISSION_OPERATION_METHOD = PERMISSION_OBSERVATION_METHOD | PERMISSION_CALL,
    PERMISSION_OBSERVATION_OBJECT = PERMISSION_BROWSE | PERMISSION_READHISTORY | PERMISSION_RECEIVEEVENTS,
    PERMISSION_OPERATION_OBJECT = PERMISSION_OBSERVATION_OBJECT | PERMISSION_CALL,
    PERMISSION_ALL = 0x0001FFFF
}
    Definition of the PermissionType Enumeration defining the permissions of the NodeAccessInfo.
enum RestrictionFlags {
    RESTRICTION_NONE = 0x00,
    RESTRICTION_SIGNING_REQUIRED = 0x01,
    RESTRICTION_SIGN_AND_ENCRYPT_REQUIRED = 0x03,
    RESTRICTION_SESSION_REQUIRED = 0x04,
    RESTRICTION_APPLY_TO_BROWSE = 0x08,
    RESTRICTION_ALL = 0x0F,
    RESTRICTION_REQUIRED_MASK = RESTRICTION_SIGN_AND_ENCRYPT_REQUIRED | RESTRICTION_SESSION_REQUIRED
}
    Definition of the RestrictionFlags Enumeration defining possible restrictions to access a resource.
Public Member Functions
virtual UaStatus hasAccess (const SessionUserContext *pUserContext, Permissions requestedPermissions, AccessRestrictions availableFlags) const =0
    Check if access to a requested operation is granted for a specific SessionUserContext.
virtual bool hasAccess (const SessionUserContext *pUserContext, Permissions requestedPermissions) const =0
    Check if access to a requested operation is granted for a specific SessionUserContext.
virtual AccessRestrictions accessRestrictions () const =0
    Return the RestrictionFlags for the NodeAccessInfo.
virtual UaRolePermissionTypes getRolePermissions () const =0
    Return all RolePermissions configured for the NodeAccessInfo.
virtual UaRolePermissionTypes getUserRolePermissions (const SessionUserContext *pUserContext) const =0
    Return all RolePermissions configured for the NodeAccessInfo for a specific user.
Public Member Functions inherited from ReferenceCounter
ReferenceCounter ()
    construction
virtual ~ReferenceCounter ()
    destruction
Static Public Member Functions
static UaStatus checkAccess (const Session *pSession, const NodeAccessInfo *pNodePermissions, const NodeAccessInfo *pDefaultPermissions, Permissions requestedPermissions)
    Helper method to easily check access based on a session context.
static AccessRestrictions accessRestrictionsFromSession (const Session *pSession)
    Helper method to extract the available RestrictionFlags from the SessionContext.
Class for the user access flags of a node in the address space.
OPC UA defines different information model elements like Objects, Variables, Methods and Events and different services to access the information. This access can be restricted based on the user that tries to access the information. User authentication is done during Session creation, and the user information is stored in the Session using the class SessionUserContext.
The access masks and the authorized user and group are stored in the UaNode with the class NodeAccessInfo. The information from SessionUserContext and NodeAccessInfo is used to determine if the requested operation like Read, Write or Browse can be executed.
The different permissions are defined by the PermissionType.
The different masks are defined by AccessMask.
The class is reference counted. After creation, the reference counter is 1. If the NodeAccessInfo is set on a node with UaNode::attachAccessInfo(), the reference counter is not incremented and the node takes ownership of the one reference. If you want to set NodeAccessInfo on additional nodes, the method UaNode::setAccessInfo() is used. It increments the reference counter of NodeAccessInfo.
Definition of the PermissionType Enumeration defining the permissions of the NodeAccessInfo.
PermissionFlags enumeration
Definition of the RestrictionFlags Enumeration defining possible restrictions to access a resource.
RestrictionFlags enumeration
virtual AccessRestrictions NodeAccessInfo::accessRestrictions () const [pure virtual]
Return the RestrictionFlags for the NodeAccessInfo.
Implemented in NodeAccessInfoBase.
static AccessRestrictions NodeAccessInfo::accessRestrictionsFromSession (const Session *pSession) [inline, static]
Helper method to extract the available RestrictionFlags from the SessionContext.
pSession | The session context. |
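static UaStatus NodeAccessInfo::checkAccess (const Session *pSession, const NodeAccessInfo *pNodePermissions, const NodeAccessInfo *pDefaultPermissions, Permissions requestedPermissions) [inline, static]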
Helper method to easily check access based on a session context.
The precedence of the checks is:
pSession | The session context providing access to the SessionUserContext. The SessionUserContext is needed to check the permissions (NodePermissions and DefaultPermissions). |
pNodePermissions | The NodeAccessInfo to validate. |
pDefaultPermissions | The default NodeAccessInfo to validate. |
requestedPermissions | PermissionFlags specifying what kind of permissions are requested. |
virtual UaRolePermissionTypes NodeAccessInfo::getRolePermissions () const [pure virtual]
Return all RolePermissions configured for the NodeAccessInfo.
A RolePermission is a combination of a RoleId and a number of PermissionFlags.
Implemented in NodeAccessInfoBase.
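virtual UaRolePermissionTypes NodeAccessInfo::getUserRolePermissions (const SessionUserContext *pUserContext) const [pure virtual]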
Return all RolePermissions configured for the NodeAccessInfo for a specific user.
A RolePermission consists of RoleId and a number of PermissionFlags.
pUserContext | The SessionUserContext gives access to a list of RoleIds associated with a user. |
Implemented in NodeAccessInfoBase.
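virtual UaStatus NodeAccessInfo::hasAccess (const SessionUserContext *pUserContext, Permissions requestedPermissions, AccessRestrictions availableFlags) const [pure virtual]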
Check if access to a requested operation is granted for a specific SessionUserContext.
The requested permission can be a single flag or a combination of PermissionFlags.
pUserContext | The SessionUserContext gives access to a list of RoleIds associated with a user. |
requestedPermissions | The requested permission can be a single flag or a combination of PermissionFlags. |
availableFlags | The RestrictionFlags that are available from the session. |
Implemented in NodeAccessInfoBase.
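virtual bool NodeAccessInfo::hasAccess (const SessionUserContext *pUserContext, Permissions requestedPermissions) const [pure virtual]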
Check if access to a requested operation is granted for a specific SessionUserContext.
The requested permission can be a single flag or a combination of PermissionFlags.
pUserContext | The SessionUserContext gives access to a list of RoleIds associated with a user. |
requestedPermissions | The requested permission can be a single flag or a combination of PermissionFlags. |
Implemented in NodeAccessInfoBase.
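
How the PermissionFlags and RestrictionFlags values documented on this page combine in an access decision, as an added stand-alone example that is not SDK code. It shows why both checks must require all bits: RESTRICTION_SIGN_AND_ENCRYPT_REQUIRED (0x03) contains the RESTRICTION_SIGNING_REQUIRED bit (0x01), so a "any bit set" test would accept a sign-only session. `RolePermission`, `ModelAccessInfo`, `userPermissions`, `modelHasAccess` and `sampleNode` are hypothetical names, and the OR-combination of role permissions and the Browse exemption are assumptions, not behaviour documented here.

```cpp
#include <cstdint>
#include <vector>

// Flag values copied from the PermissionFlags and RestrictionFlags enums on this page.
enum PermissionFlags : uint32_t {
    PERMISSION_BROWSE = 0x00000001, PERMISSION_READ = 0x00000020,
    PERMISSION_WRITE = 0x00000040, PERMISSION_READHISTORY = 0x00000080,
    PERMISSION_RECEIVEEVENTS = 0x00000800, PERMISSION_CALL = 0x00001000,
    PERMISSION_OBSERVATION = PERMISSION_BROWSE | PERMISSION_READ |
                             PERMISSION_READHISTORY | PERMISSION_RECEIVEEVENTS,
    PERMISSION_OPERATION = PERMISSION_OBSERVATION | PERMISSION_WRITE | PERMISSION_CALL
};
enum RestrictionFlags : uint8_t {
    RESTRICTION_NONE = 0x00, RESTRICTION_SIGNING_REQUIRED = 0x01,
    RESTRICTION_SIGN_AND_ENCRYPT_REQUIRED = 0x03, RESTRICTION_SESSION_REQUIRED = 0x04,
    RESTRICTION_APPLY_TO_BROWSE = 0x08,
    RESTRICTION_REQUIRED_MASK = RESTRICTION_SIGN_AND_ENCRYPT_REQUIRED | RESTRICTION_SESSION_REQUIRED
};

// Hypothetical stand-ins for the SDK's role-permission list and NodeAccessInfo.
struct RolePermission { uint32_t roleId; uint32_t permissions; };
struct ModelAccessInfo { std::vector<RolePermission> rolePermissions; uint8_t restrictions; };

// Assumption: a user's permissions are the OR of every matching role's permissions.
uint32_t userPermissions(const ModelAccessInfo& n, const std::vector<uint32_t>& roles) {
    uint32_t granted = 0;
    for (const RolePermission& rp : n.rolePermissions)
        for (uint32_t r : roles)
            if (rp.roleId == r) granted |= rp.permissions;
    return granted;
}

// Grants access only if every required restriction bit and every requested permission bit is present.
bool modelHasAccess(const ModelAccessInfo& n, const std::vector<uint32_t>& roles,
                    uint32_t requested, uint8_t availableFlags) {
    uint8_t required = n.restrictions & RESTRICTION_REQUIRED_MASK;
    // Assumption: Browse is exempt unless RESTRICTION_APPLY_TO_BROWSE is set.
    if (requested == PERMISSION_BROWSE && !(n.restrictions & RESTRICTION_APPLY_TO_BROWSE))
        required = 0;
    if ((required & availableFlags) != required) return false;  // "!= 0" would accept sign-only
    return (userPermissions(n, roles) & requested) == requested;
}

// Constructed sample node: role 1 = observer, role 2 = operator.
ModelAccessInfo sampleNode() {
    return {{{1, PERMISSION_OBSERVATION}, {2, PERMISSION_OPERATION}},
            RESTRICTION_SIGN_AND_ENCRYPT_REQUIRED};
}
```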