The UserManagement Object defined in 5.3 is a UserManagementType which is formally defined in Table 13.

Table 13 – UserManagementType definition

Attribute

Value

BrowseName

UserManagementType

IsAbstract

False

References

Node Class

BrowseName

DataType

TypeDefinition

Modelling Rule

Subtype of BaseObjectType defined in OPC 10000-5

HasProperty

Variable

Users

UserManagementDataType[]

PropertyType

Mandatory

HasProperty

Variable

PasswordLength

Range

PropertyType

Mandatory

HasProperty

Variable

PasswordOptions

PasswordOptionsMask

PropertyType

Mandatory

HasProperty

Variable

PasswordRestrictions

LocalizedText

PropertyType

Optional

HasComponent

Method

AddUser

Defined in 5.2.5.

Mandatory

HasComponent

Method

ModifyUser

Defined in 5.2.6.

Mandatory

HasComponent

Method

RemoveUser

Defined in 5.2.7.

Mandatory

HasComponent

Method

ChangePassword

Defined in 5.2.8.

Mandatory

Conformance Units

Security User Management Server

The Properties and Methods of the UserManagementType contain sensitive security related information and shall only be readable and callable by authorized administrators through an encrypted channel. The only exception is the ChangePassword Method. It requires an encrypted channel but it can be called by the Session user if the user token type for the Session is not USERNAME.

The Users Property specifies the currently configured users and their settings as array of UserManagementDataType Structure defined in 5.2.4.

The Property PasswordLength defines the minimum and maximum length requirement for setting the password. A value of 0 for low indicates no limit for minimum and 0 for high indicates no limit for maximum password length. The Range DataType is defined in OPC 10000-8.

The Property PasswordOptions defines the password features and requirements for setting a password in a bit mask defined by the PasswordOptionsMask DataType. If the Server does not define any special requirements nor does not support enhanced features for the password management, all bits in the bit mask are set to false.

The Property PasswordRestrictions allows a Server to provide additional explanations about the rules applied to new passwords accepted by the Server.