Servers shall allow the invocation of the SetApplicationTag Method only for Sessions of user accounts to which the right for Method invocation is explicitly granted. There shall exist user accounts with restricted rights (that is, no Method invocation) for Clients performing data acquisition or diagnosis also.

If well-known Roles are supported by the Server, role-based security (see [OPC 10000-18]) shall be applied. Method invocation shall only be possible if the well-known “Operator” Role is granted to the Client’s Session.

All Variables are read-only. Modifying the content of Variables shall only be possible by invoking a “Set-” Method.