Servers shall allow Method invocation and write access to Variables only for Sessions using dedicated user accounts. There shall exist user accounts with restricted rights (that is, no Method invocation and read-only access to Variables) for Clients performing data acquisition or diagnosis also.

If well-known Roles are supported by the Server, role-based security shall be applied. Method invocation as well as write access shall only be possible if the well-known “Operator” Role is granted to the Client’s Session.