The RoleSet Object defined in Table 10is a RoleSetTypewhich is formally defined in Table F.1.

Table F.1– RoleSetType Definition

Attribute

Value

BrowseName

RoleSetType

IsAbstract

False

References

NodeClass

BrowseName

DataType

TypeDefinition

Modelling Rule

Subtype of BaseObjectType defined in 6.2.

HasComponent

Object

<RoleName>

RoleType

OptionalPlaceholder

HasComponent

Method

AddRole

Defined in F.2.2

Mandatory

HasComponent

Method

RemoveRole

Defined in F.2.3.

Mandatory

The AddRole Methodallows configuration Clientsto add a new Roleto the Server.

The RemoveRole Methodallows configuration Clientsto remove a Rolefrom the Server.

This Methodis used to add a Role to the RoleSet Object.

The combination of the NamespaceUri andRoleNameparameters are used to construct the BrowseNamefor the new Node. The BrowseName shall be unique within the RoleSet Object.

This Methodaffects security and shall only be browseable and callable by authorized administrators.

OPC 10000-3defines well-known Roles. If this Methodis used to add a well-known Role, the name of the Rolefrom OPC 10000-3is used together with the OPC UA namespace URI. The Servershall use the NodeIdsfor the well-known Rolesin this case. The NodeIdsfor the well-known Rolesare defined in OPC 10000-6.

Signature

AddRole(

[in]String RoleName

[in]String NamespaceUri

[out]NodeId RoleNodeId

);

Argument

Description

RoleName

The name of the Role.

NamespaceUri

The NamespaceUriqualifies the RoleName. If this value is null or empty then the resulting BrowseNamewill be qualified by the Server’s NamespaceUri.

RoleNodeId

The NodeIdassigned by the Serverto the new Node.

Method Result Codes

ResultCode

Description

Bad_InvalidArgument

The RoleNameor NamespaceUri is not valid.

The text associated with the error shall indicate the exact problem.

Bad_NotSupported

The Serverdoes not allow more Rolesto be added.

Bad_UserAccessDenied

The caller does not have the necessary Permissions.

This Methodis used to remove a Role from the RoleSet Object.

The RoleNodeIdis the NodeIdof the Role Objectto remove.

The Servermay prohibit the removal of some Rolesbecause they are necessary for the Serverto function.

If a Roleis removed all Permissionsassociated with the Roleare deleted as well. Ideally these changes should take effect immediately, however, some lag may occur.

This Method affects security and shall only be browseable and callable by authorized administrators.

Signature

RemoveRole(

[in]NodeId RoleNodeId

);

Argument

Description

RoleNodeId

The NodeIdof the Role Object.

Method Result Codes

ResultCode

Description

Bad_NodeIdUnknown

The specified Role Objectdoes not exist.

Bad_NotSupported

The Serverdoes not allow the Role Objectto be removed.

Bad_UserAccessDenied

The caller does not have the necessary Permissions.

Bad_RequestNotAllowed

The specified Role Object cannot be removed.