The RoleSet Object defined in Table 2 is used to publish all Roles supported by the Server.
|
BrowseName |
RoleSet |
||||
|
References |
Node Class |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
|
ComponentOf the ServerCapabilities Object defined in OPC 10000-5 |
|||||
|
HasTypeDefinition |
ObjectType |
RoleSetType |
|
|
|
|
HasComponent |
Object |
Anonymous |
|
RoleType |
|
|
HasComponent |
Object |
AuthenticatedUser |
|
RoleType |
|
|
HasComponent |
Object |
TrustedApplication |
|
RoleType |
|
|
HasComponent |
Object |
Observer |
|
RoleType |
|
|
HasComponent |
Object |
Operator |
|
RoleType |
|
|
HasComponent |
Object |
Engineer |
|
RoleType |
|
|
HasComponent |
Object |
Supervisor |
|
RoleType |
|
|
HasComponent |
Object |
ConfigureAdmin |
|
RoleType |
|
|
HasComponent |
Object |
SecurityAdmin |
|
RoleType |
|
|
Conformance Units |
|||||
|
Security Role Server Base 2 |
|||||
Servers should support the well-known Roles which are defined in OPC 10000-3.
The default Identities for the Anonymous Role should be Identities with the criteriaType IdentityCriteriaType.Anonymous and the criteriaType IdentityCriteriaType.AuthenticatedUser. The Anonymous Role is the default Role which is always assigned to all Sessions.
The default Identities for the AuthenticatedUser Role should be an identity with the criteriaType IdentityCriteriaType.AuthenticatedUser.
The default Identities for the TrustedApplication Role should be an identity with the criteriaType IdentityCriteriaType.TrustedApplication.
A Server shall not allow changes to the Roles Anonymous, AuthenticatedUser and TrustedApplication.
A Server shall not allow the deletion of the well-known Roles Anonymous and AuthenticatedUser TrustedApplication.
The additional definition for the conformance units of the instances is defined in Table 3.
Table 3 – RoleSet Additional Conformance Units
|
BrowsePath |
Conformance Units |
||
|
AddRole |
Security Role Server Management |
||
|
RemoveRole |
Security Role Server Management |
||
|
ConfigureAdmin |
Security Role Well Known |
||
|
SecurityAdmin |
Security Role Well Known |
||
|
Anonymous |
Security Role Well Known Group 2 |
||
|
AuthenticatedUser |
Security Role Well Known Group 2 |
||
|
TrustedApplication |
Security Role TrustedApplication |
||
|
Observer |
Security Role Well Known Group 3 |
||
|
Operator |
Security Role Well Known Group 3 |
||
|
Engineer |
Security Role Well Known Group 3 |
||
|
Supervisor |
Security Role Well Known Group 3 |
||
|
Security Role Server IdentityManagement |
||
|
Security Role Server IdentityManagement |
||
|
Security Role Server Restrict Applications |
||
|
Security Role Server Restrict Applications |
||
|
Security Role Server Restrict Applications |
||
|
Security Role Server Restrict Applications |
||
|
Security Role Server Restrict Endpoints |
||
|
Security Role Server Restrict Endpoints |
||
|
Security Role Server Restrict Endpoints |
||
|
Security Role Server Restrict Endpoints |
||
|
Security Role Server IdentityManagement |
||
|
Security Role Server IdentityManagement |
||
|
Security Role Server Restrict Applications |
||
|
Security Role Server Restrict Applications |
||
|
Security Role Server Restrict Applications |
||
|
Security Role Server Restrict Applications |
||
|
Security Role Server Restrict Endpoints |
||
|
Security Role Server Restrict Endpoints |
||
|
Security Role Server Restrict Endpoints |
||
|
Security Role Server Restrict Endpoints |
||
|
Security Role Server IdentityManagement |
||
|
Security Role Server IdentityManagement |
||
|
Security Role Server Restrict Applications |
||
|
Security Role Server Restrict Applications |
||
|
Security Role Server Restrict Applications |
||
|
Security Role Server Restrict Applications |
||
|
Security Role Server Restrict Endpoints |
||
|
Security Role Server Restrict Endpoints |
||
|
Security Role Server Restrict Endpoints |
||
|
Security Role Server Restrict Endpoints |
||
|
Security Role Server IdentityManagement |
||
|
Security Role Server IdentityManagement |
||
|
Security Role Server Restrict Applications |
||
|
Security Role Server Restrict Applications |
||
|
Security Role Server Restrict Applications |
||
|
Security Role Server Restrict Applications |
||
|
Security Role Server Restrict Endpoints |
||
|
Security Role Server Restrict Endpoints |
||
|
Security Role Server Restrict Endpoints |
||
|
Security Role Server Restrict Endpoints |
||
|
Security Role Server IdentityManagement |
||
|
Security Role Server IdentityManagement |
||
|
Security Role Server Restrict Applications |
||
|
Security Role Server Restrict Applications |
||
|
Security Role Server Restrict Applications |
||
|
Security Role Server Restrict Applications |
||
|
Security Role Server Restrict Endpoints |
||
|
Security Role Server Restrict Endpoints |
||
|
Security Role Server Restrict Endpoints |
||
|
Security Role Server Restrict Endpoints |
||
|
Security Role Server IdentityManagement |
||
|
Security Role Server IdentityManagement |
||
|
Security Role Server Restrict Applications |
||
|
Security Role Server Restrict Applications |
||
|
Security Role Server Restrict Applications |
||
|
Security Role Server Restrict Applications |
||
|
Security Role Server Restrict Endpoints |
||
|
Security Role Server Restrict Endpoints |
||
|
Security Role Server Restrict Endpoints |
||
|
Security Role Server Restrict Endpoints |