The SecurityGroupFolderType is formally defined Table 216.
Table 216 – SecurityGroupFolderType definition
Attribute |
Value |
||||
BrowseName |
SecurityGroupFolderType |
||||
IsAbstract |
False |
||||
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
ModellingRule |
Subtype of FolderType defined in OPC 10000-5. |
|||||
|
|
|
|
|
|
Organizes |
Object |
<SecurityGroupFolderName> |
|
SecurityGroup FolderType |
OptionalPlaceholder |
HasComponent |
Object |
<SecurityGroupName> |
|
SecurityGroupType |
OptionalPlaceholder |
HasComponent |
Method |
AddSecurityGroup |
Defined in 8.5.2. |
Mandatory |
|
HasComponent |
Method |
RemoveSecurityGroup |
Defined in 8.5.3. |
Mandatory |
|
HasComponent |
Method |
AddSecurityGroupFolder |
Defined in 8.5.4. |
Optional |
|
HasComponent |
Method |
RemoveSecurityGroupFolder |
Defined in 8.5.5. |
Optional |
|
HasProperty |
Variable |
SupportedSecurityPolicyUris |
String[] |
PropertyType |
Optional |
Conformance Units |
|||||
PubSub Model SKS |
The SecurityGroupFolderType ObjectType is a concrete type and can be used directly.
Instances of the SecurityGroupFolderType can contain SecurityGroup Objects or other instances of the SecurityGroupFolderType. This can be used to build a tree of folder Objects used to organize the configured SecurityGroups.
The SecurityGroup Objects are added as components to the instance of the SecurityGroupFolderType. A SecurityGroup Object is referenced only from one folder. If the folder is deleted, all referenced SecurityGroup Objects are deleted with the folder.
The SupportedSecurityPolicyUris Property contains a String array with the SecurityPolicyUris supported by the SKS. The Property shall be provided at the root SecurityGroupFolder. The default SecurityPolicyUri is the first array element.
This Method is used to add a SecurityGroupType Object to the SecurityGroupFolderType Object or to return an existing Object if the parameters match the configuration of an existing Object.
The Client shall be authorized to modify the configuration for the SKS functionality and shall use at least a signed communication channel when invoking this Method on the Server.
Signature
AddSecurityGroup (
[in]StringSecurityGroupName,
[in]DurationKeyLifetime,
[in]StringSecurityPolicyUri,
[in]UInt32MaxFutureKeyCount,
[in]UInt32MaxPastKeyCount,
[out]StringSecurityGroupId,
[out]NodeIdSecurityGroupNodeId
);
Argument |
Description |
SecurityGroupName |
Name of the SecurityGroup to add. |
KeyLifetime |
The lifetime of a key in milliseconds. If 0 is passed in, the SKS sets the default KeyLifetime. If the requested value exceeds the limits defined by the SKS, the value is adjusted by the SKS. The caller should get the revised value by reading the KeyLifetime of the created SecurityGroup. |
SecurityPolicyUri |
The SecurityPolicy used for the SecurityGroup. If a null or empty String is passed in, the SKS sets the default SecurityPolicyUri. If the SecurityPolicyUri is not known to the SKS, Bad_InvalidArgument shall be returned. |
MaxFutureKeyCount |
The maximum number of future keys returned by the Method GetSecurityKeys. If 0 is passed in, the SKS sets the default MaxFutureKeyCount. If the requested value exceeds the limits defined by the SKS, the value is adjusted by the SKS. The caller should get the revised value by reading the MaxFutureKeyCount of the created SecurityGroup. |
MaxPastKeyCount |
The maximum number of historical keys stored by the SKS. If the requested value exceeds the limits defined by the SKS, the value is adjusted by the SKS. The caller should get the revised value by reading the MaxPastKeyCount of the created SecurityGroup. |
SecurityGroupId |
The identifier for the SecurityGroup. The SecurityGroupId shall match the SecurityGroupName. |
SecurityGroupNodeId |
The NodeId of the added SecurityGroupType Object. |
Method Result Codes
ResultCode |
Description |
Bad_NodeIdExists |
A SecurityGroup with the name already exists but the arguments do not match the existing object. |
Good_DataIgnored |
A Object with the configuration already exists and was returned without adding a new Object. |
Bad_InvalidArgument |
The SecurityPolicyUri is not supported by the SKS. |
Bad_UserAccessDenied |
The Session user is not allowed to configure the object. |
Bad_SecurityModeInsufficient |
The communication channel is not using signing. |
Table 217 specifies the AddressSpace representation for the AddSecurityGroup Method.
Table 217 – AddSecurityGroup Method AddressSpace definition
Attribute |
Value |
||||
BrowseName |
AddSecurityGroup |
||||
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
ModellingRule |
HasProperty |
Variable |
InputArguments |
Argument[] |
PropertyType |
Mandatory |
HasProperty |
Variable |
OutputArguments |
Argument[] |
PropertyType |
Mandatory |
ConformanceUnits |
|||||
PubSub Model SKS |
This Method is used to remove a SecurityGroupType Object from the SecurityGroupFolderType Object.
The Client shall be authorized to modify the configuration for the SKS functionality and shall use at least a signed communication channelwhen invoking this Method on the Server.
See 8.3.2 for details on the lifetime of keys previously issued for this SecurityGroup.
Signature
RemoveSecurityGroup (
[in]NodeIdSecurityGroupNodeId
);
Argument |
Description |
SecurityGroupNodeId |
NodeId of the SecurityGroupType Object to remove from the Server |
Method Result Codes
ResultCode |
Description |
Bad_NodeIdUnknown |
The SecurityGroupNodeId is unknown. |
Bad_NodeIdInvalid |
The SecurityGroupNodeId is not a NodeId of a SecurityGroupType Object. |
Bad_UserAccessDenied |
The Session user is not allowed to delete the SecurityGroupType Object. |
Bad_SecurityModeInsufficient |
The communication channel is not using signing. |
Table 218 specifies the AddressSpace representation for the RemoveSecurityGroup Method.
Table 218 – RemoveSecurityGroup Method AddressSpace definition
Attribute |
Value |
||||
BrowseName |
RemoveSecurityGroup |
||||
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
ModellingRule |
HasProperty |
Variable |
InputArguments |
Argument[] |
PropertyType |
Mandatory |
ConformanceUnits |
|||||
PubSub Model SKS |
This Method is used to add a SecurityGroupFolderType Object to a SecurityGroupFolderType Object.
The Client shall be authorized to modify the configuration for the PubSub functionality when invoking this Method on the Server.
Signature
AddSecurityGroupFolder (
[in]StringName,
[out]NodeIdSecurityGroupFolderNodeId
);
Argument |
Description |
Name |
Name of the Object to create. |
SecurityGroupFolderNodeId |
NodeId of the created SecurityGroupFolderType Object. |
Method Result Codes
ResultCode |
Description |
Bad_BrowseNameDuplicated |
A folder Object with the name already exists. |
Bad_InvalidArgument |
The Server is not able to apply the Name. The Name may be too long or may contain invalid characters. |
Bad_UserAccessDenied |
The Session user is not allowed to add a folder. |
Table 219 specifies the AddressSpace representation for the AddSecurityGroupFolder Method.
Table 219 – AddSecurityGroupFolder Method AddressSpace definition
Attribute |
Value |
||||
BrowseName |
AddSecurityGroupFolder |
||||
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
ModellingRule |
HasProperty |
Variable |
InputArguments |
Argument[] |
PropertyType |
Mandatory |
HasProperty |
Variable |
OutputArguments |
Argument[] |
PropertyType |
Mandatory |
ConformanceUnits |
|||||
PubSub Model SKS |
This Method is used to remove a SecurityGroupFolderType Object from the parent SecurityGroupFolderType Object.
A successful removal of the SecurityGroupFolderType Object removes recursively all contained SecurityGroupType Objects and all contained SecurityGroupFolderType Objects.
The Client shall be authorized to modify the configuration for the PubSub functionality when invoking this Method on the Server.
Signature
RemoveSecurityGroupFolder (
[in]NodeIdSecurityGroupFolderNodeId
);
Argument |
Description |
SecurityGroupFolderNodeId |
NodeId of the SecurityGroupFolderType Object to remove from the Server. |
Method Result Codes
ResultCode |
Description |
Bad_NodeIdUnknown |
The SecurityGroupFolderNodeId is unknown. |
Bad_UserAccessDenied |
The Session user is not allowed to delete the folder. |
Table 220 specifies the AddressSpace representation for the RemoveSecurityGroupFolder Method.
Table 220 – RemoveSecurityGroupFolder Method AddressSpace definition
Attribute |
Value |
||||
BrowseName |
RemoveSecurityGroupFolder |
||||
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
ModellingRule |
HasProperty |
Variable |
InputArguments |
Argument[] |
PropertyType |
Mandatory |
ConformanceUnits |
|||||
PubSub Model SKS |