AuthorizationServices restrict access to many of the features they provide. These restrictions are described either by referring to well-known Roles which a Session must have access to or by referring to Privileges which are assigned to Sessions using mechanisms other than the well-known Roles. The well-known Roles for an AuthorizationService are listed in Table 99.
Table 99 – Well-known Roles for an AuthorizationService
| Name | Description |
| --- | --- |
| AuthorizationServiceAdmin | This Role grants the right to manage the configuration of an AuthorizationService. |
| SecurityAdmin | This Role grants the right to change the security configuration of an AuthorizationService. |
The Privileges for an AuthorizationService are listed in Table 100.
Table 100 – Privileges for an AuthorizationService
| Name | Description |
| --- | --- |
| AccessTokenRequestor | This Privilege grants an OPC UA Application the right to request AccessTokens. The Certificate used to create the SecureChannel is used to determine the identity of the OPC UA Application. A KeyCredential (see 8) provided as a UserIdentityToken may also be used to determine if the Client has access to this Privilege. |