The UserManagement Object defined in 5.3 is a UserManagementType which is formally defined in Table 13.
Table 13 – UserManagementType definition
|
BrowseName |
UserManagementType |
||||
|
IsAbstract |
False |
||||
|
References |
Node Class |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of BaseObjectType defined in OPC 10000-5 |
|||||
|
HasProperty |
Variable |
Users |
UserManagementDataType[] |
PropertyType |
Mandatory |
|
HasProperty |
Variable |
PasswordLength |
Range |
PropertyType |
Mandatory |
|
HasProperty |
Variable |
PasswordOptions |
PasswordOptionsMask |
PropertyType |
Mandatory |
|
HasProperty |
Variable |
PasswordRestrictions |
LocalizedText |
PropertyType |
Optional |
|
HasComponent |
Method |
AddUser |
Defined in 5.2.5. |
Mandatory |
|
|
HasComponent |
Method |
ModifyUser |
Defined in 5.2.6. |
Mandatory |
|
|
HasComponent |
Method |
RemoveUser |
Defined in 5.2.7. |
Mandatory |
|
|
HasComponent |
Method |
ChangePassword |
Defined in 5.2.8. |
Mandatory |
|
|
Conformance Units |
|||||
|
Security User Management Server |
|||||
The Properties and Methods of the UserManagementType contain sensitive security related information and shall only be readable and callable by authorized administrators through an encrypted channel. The only exception is the ChangePassword Method. It requires an encrypted channel but it can be called by the Session user if the user token type for the Session is not USERNAME.
The Users Property specifies the currently configured users and their settings as array of UserManagementDataType Structure defined in 5.2.4.
The Property PasswordLength defines the minimum and maximum length requirement for setting the password. A value of 0 for low indicates no limit for minimum and 0 for high indicates no limit for maximum password length. The Range DataType is defined in OPC 10000-8.
The Property PasswordOptions defines the password features and requirements for setting a password in a bit mask defined by the PasswordOptionsMask DataType. If the Server does not define any special requirements nor does not support enhanced features for the password management, all bits in the bit mask are set to false.
The Property PasswordRestrictions allows a Server to provide additional explanations about the rules applied to new passwords accepted by the Server.