UA Part 18: Role-Based Security

The RoleSet Object defined in Table 4 is used to publish all Roles supported by the Server.

*Attribute*	*Value*
BrowseName	RoleSet
References	*Node* Class	BrowseName	DataType	TypeDefinition	Modelling Rule
ComponentOf the ServerCapabilities Object defined in OPC 10000-5
HasTypeDefinition	ObjectType	RoleSetType
HasComponent	Object	Anonymous		RoleType
HasComponent	Object	AuthenticatedUser		RoleType
HasComponent	Object	TrustedApplication		RoleType
HasComponent	Object	Observer		RoleType
HasComponent	Object	Operator		RoleType
HasComponent	Object	Engineer		RoleType
HasComponent	Object	Supervisor		RoleType
HasComponent	Object	ConfigureAdmin		RoleType
HasComponent	Object	SecurityAdmin		RoleType
Conformance Units
Security Role Server Base 2

Servers should support the well-known Roles which are defined in OPC 10000-3.

The default Identities for the Anonymous Role shall be Identities with the criteriaType IdentityCriteriaType.Anonymous and the criteriaType IdentityCriteriaType.AuthenticatedUser. The Anonymous Role is the default Role which is always assigned to all Sessions. The Anonymous Role is the default Role which is always assigned to all Sessions.

A Server shall not allow the deletion of the well-known Roles Anonymous and AuthenticatedUser TrustedApplication.

The additional definition for the conformance units of the instances is defined in Table 5.

Table 5 – RoleSet Additional Conformance Units

BrowsePath	Conformance Units
ConfigureAdmin	Security Role Well Known
SecurityAdmin	Security Role Well Known
Anonymous	Security Role Well Known Group 2
AuthenticatedUser	Security Role Well Known Group 2
TrustedApplication	Security Role TrustedApplication
Observer	Security Role Well Known Group 3
Operator	Security Role Well Known Group 3
Engineer	Security Role Well Known Group 3
Supervisor	Security Role Well Known Group 3