GlobalDiscoveryServers restrict access to many of the features they provide. These restrictions are described either by referring to well-known Roles which a Session must have access to or by referring to Privileges which are assigned to Sessions using mechanisms other than the well-known Roles. The well-known Roles used in for a GDS are listed in Table 1.
Table 1 – Well-known Roles for a GDS
|
Name |
Description |
|
DiscoveryAdmin |
This Role grants rights to register, update and unregister any OPC UA Application. |
|
SecurityAdmin |
This Role grants the right to change the security configuration of a GDS. |
The Privileges used in for a GDS are listed in Table 2.
Table 2 – Privileges for a GDS
|
Name |
Description |
|
ApplicationSelfAdmin |
This Privilege grants an OPC UA Application the right to update its own registration. The Certificate used to create the SecureChannel is used to determine the identity of the OPC UA Application. |
|
ApplicationAdmin |
This Privilege grants rights to update one or more registrations. The Certificate used to create the SecureChannel is used to determine the identity of the OPC UA Application and what the set of registrations it is authorized to update. |