OPC UA provides standard approach for implementing role based security. Servers may choose to implement none, part or all of mechanisms defined in OPC 10000-5 and in OPC 10000-18. The OPC UA approach assigns Permissions to Roles illustrated in Figure 4. Clients are then granted Roles based on connection information (Session creation). Roles might be restricted by User Authentication, Application Authentication, SecurityModes, or Transports. The assignment of Roles and restrictions is application specific, but they might be assigned to all Nodes in a Namespace or to specific Nodes.
For additional description of Roles see in OPC 10000-18.