.NET Based OPC UA Client/Server SDK
3.3.0.530
The Demo Server contains example code for assigning access rights to nodes, which can be found in the file Demo → DemoNodeManager.AccessControl.cs and AccessControlManager.cs in the Visual Studio Solution for the Demo Server. It shows how to control the read and write access for Variable values and the browse access for specific nodes.
There are several virtual HasAccess methods defined at the BaseNodeManager. These methods control whether specific content is sent to a client. The default implementation evaluates the RolePermissions defined at the node or the DefaultRolePermissions defined at the NamespaceMetadata object of the namespace. The HasAccess methods can be overridden for a custom implementation of the access checks.
In the example, the RolePermissions attribute is set at the nodes where required, so all access checks are done by the SDK.
Nodes with access rights that differ between users are located in the folder Objects → Demo → 005_AccessRights in the Demo Server address space. It contains several subfolders:
Folder Name | Description |
---|---|
Access_All | Contains Variables having value attributes that can be read and written by everybody. |
Access_John | Contains Variables having value attributes that can be read and written by john only (John_RO, John_RW, John_WO) and Variables where john has full access and other users have restricted access. |
Access_Operators | Contains Variables having value attributes that can be read and written by users of the operators group (Operators_RO, Operators_RW, Operators_WO) and Variables where john has full access and other users have restricted access. |
Browse_All | Can be browsed by all users. |
Browse_John | Can only be browsed by the user john. |
Browse_Operators | Can be browsed by users of the operators group. |
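The evaluation order described above (RolePermissions at the node, otherwise the DefaultRolePermissions of the namespace) can be modelled in a few lines. This is an added, stand-alone example, not code from the SDK or the Demo Server: the `AccessModel` class, the role names and the permission sets are assumptions made for illustration, and only the permission bit values follow the OPC UA PermissionType definition.

```csharp
using System;
using System.Collections.Generic;

[Flags]
enum Permission : uint          // subset of the OPC UA PermissionType bit mask
{
    None = 0, Browse = 1, Read = 32, Write = 64
}

static class AccessModel
{
    // Stand-alone model, not the SDK's HasAccess implementation.
    // nodePerms == null means the node has no RolePermissions attribute; the
    // namespace DefaultRolePermissions then apply. A node-level list replaces
    // the defaults, it is not merged with them.
    public static bool HasAccess(IEnumerable<string> sessionRoles,
        Dictionary<string, Permission> nodePerms,
        Dictionary<string, Permission> defaultPerms, Permission requested)
    {
        var effective = nodePerms ?? defaultPerms;
        var granted = Permission.None;
        foreach (var role in sessionRoles)       // union over all roles of the session
            if (effective.TryGetValue(role, out var p)) granted |= p;
        return (granted & requested) == requested;
    }
}

static class Program
{
    static void Main()
    {
        const Permission rw = Permission.Browse | Permission.Read | Permission.Write;
        // Constructed role names and permission sets (assumptions for this example).
        var defaults = new Dictionary<string, Permission> { ["AuthenticatedUser"] = rw };
        var johnNode = new Dictionary<string, Permission> {
            ["AuthenticatedUser"] = Permission.Browse | Permission.Read,
            ["RoleJohn"] = rw };
        var john = new[] { "AuthenticatedUser", "RoleJohn" };
        var other = new[] { "AuthenticatedUser" };

        Console.WriteLine($"john  write restricted node: {AccessModel.HasAccess(john, johnNode, defaults, Permission.Write)}");
        Console.WriteLine($"other write restricted node: {AccessModel.HasAccess(other, johnNode, defaults, Permission.Write)}");
        Console.WriteLine($"other read  restricted node: {AccessModel.HasAccess(other, johnNode, defaults, Permission.Read)}");
        Console.WriteLine($"other write default node:    {AccessModel.HasAccess(other, null, defaults, Permission.Write)}");
    }
}
```

Because a node-level list replaces the namespace defaults, a role that is missing from a node's RolePermissions has no permissions on that node, even when the defaults would grant them.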
If the server is not running yet, it is sufficient to set the RolePermissions attribute at a node.
If the server is already running when a node is created, the IRolePermissions property at the node has to be set in addition.
A list of users and their passwords can be found in the description of the User Authentication example.
Roles are assigned to users by the SDK when the Session is initially activated. The mapping to Roles is described in the RoleConfiguration file (DemoServerRoleConfiguration.xml). This file is installed to %CommonApplicationData%/unifiedautomation/UaSdkNet/RoleConfiguration to ensure that the application has write access to that file.
See the schema file RoleConfiguration.xsd for a detailed description of this configuration file.