The UserManagement Object defined in5.3is a UserManagementTypewhich is formally defined in Table 13.
Table 13– UserManagementType definition
|
BrowseName |
UserManagementType |
||||
|
IsAbstract |
False |
||||
|
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
Subtype of BaseObjectType defined in OPC 10000-5 |
|||||
|
HasProperty |
Variable |
Users |
UserManagementDataType[] |
PropertyType |
Mandatory |
|
HasProperty |
Variable |
PasswordLength |
Range |
PropertyType |
Mandatory |
|
HasProperty |
Variable |
PasswordOptions |
PasswordOptionsMask |
PropertyType |
Mandatory |
|
HasProperty |
Variable |
PasswordRestrictions |
LocalizedText |
PropertyType |
Optional |
|
HasComponent |
Method |
AddUser |
Defined in 5.2.5. |
Mandatory |
|
|
HasComponent |
Method |
ModifyUser |
Defined in 5.2.6. |
Mandatory |
|
|
HasComponent |
Method |
RemoveUser |
Defined in 5.2.7. |
Mandatory |
|
|
HasComponent |
Method |
ChangePassword |
Defined in 5.2.8. |
Mandatory |
|
|
Conformance Units |
|||||
|
Security User Management Server |
|||||
The Propertiesand Methodsof the UserManagementTypecontain sensitive security related information and shall only be readable and callable by authorized administrators through an encrypted channel. The only exception is the ChangePassword Method. It requires an encrypted channel but it can be called by the Sessionuser if the user token type for the Sessionis not USERNAME.
The Users Propertyspecifies the currently configured users and their settings as array of UserManagementDataType Structuredefined in 5.2.4.
The Property PasswordLengthdefines the minimum and maximum length requirement for setting the password. A value of 0 for low indicates no limit for minimum and 0 for high indicates no limit for maximum password length. The Range DataTypeis defined in OPC 10000-8.
The Property PasswordOptionsdefines the password features and requirements for setting a password in a bit mask defined by the PasswordOptionsMask DataType. If the Serverdoes not define any special requirements nor does not support enhanced features for the password management, all bits in the bit mask are set to false.
The Property PasswordRestrictionsallows a Serverto provide additional explanations about the rules applied to new passwords accepted by the Server.