Search

22 result(s) for SecurityAdmin

• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  4.12 Roles
  defines a set of standard Roles that OPC UA Applications can use, these include SecurityAdmin , ConfigureAdmin , Supervisor , Engineer, Operator , Observer and AuthenticatedUser. They are defined in OPC 10000-3 with
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  6.17 Least privilege principle
  This could even be done for a short period of time. Roles such as SecurityAdmin or ConfigureAdmin should not be granted to a user except when the user is actively
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  8.4 Certificate management threats
  described in Part 12. This includes restricting all certificate management functionality to users with SecurityAdmin Role or comparable access rights. Furthermore, the list of Clients that are allowed to access
• OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
  6.3.5 SessionDiagnosticsObjectType
  current Session shall be restricted to authorized users, such as users who have the SecurityAdmin role, defined in OPC 10000-18 . The additional definition for the ConformanceUnits of AuditActivateSessionEventType
• OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
  7.16 SessionSecurityDiagnosticsType
  related, it shall be restricted to authorized users, such as users who have the SecurityAdmin role, defined in OPC 10000-18 . Table 86 - SessionSecurityDiagnosticsType definition Attribute Value BrowseName SessionSecurityDiagnosticsType IsAbstract
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  4.4.1 Overview
  limited mechanisms discussed here may help SecurityAdmins with the configuration of Servers . A SecurityAdmin tasked with configuring Servers determines the ClientUrls for Clients that support reverse connect. The following choices
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  4.4.2 Out-of-band Discovery
  reverse connect has one or more ClientUrls that allow Servers to connect. Once the SecurityAdmin acquires the ClientUrl via an out-of-band mechanism, it can configure the Server
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  4.4.3 Global Discovery for Reverse Connections
  Clients that support reverse connect within the administrative domain of the GDS. The SecurityAdmin uses the Call service to invoke the QueryApplications Method (see 6.5.11 ) with ... prefix. DiscoveryUrls without the prefix are used for forward connections. Once the SecurityAdmin has a ClientUrl it can configure the Server
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  7.5 Application Setup
  technicians. For embedded devices, the Server should allow any Client that provides the proper SecurityAdmin credentials to create the secure connection needed for setup using PushManagement . Once the Server
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  7.7.2 Update Certificates Workflow
  ApplicationCertificateType Purpose are considered. The CertificateManager needs credentials that will have access to the SecurityAdmin Role on the Server . Connect The CertificateManager creates a secure connection using encryption ... Session with the Server . The Session requires access to the SecurityAdmin Role or equivalent. Possible credentials used to authenticate the CertificateManager are: CertificateManager ApplicationInstance Certificate ; UserIdentityToken provided in ActivateSession . Update
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  7.7.5 Create Endpoint Workflow
  ManagedApplications Folder . The CertificateManager needs credentials that will have access to the SecurityAdmin Role on the Server . Connect This is described in Table 22 . Read Current Configuration The current configuration
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  7.7.6 Update Configuration Workflow
  CertificateManager has completed updates to a local copy of the ApplicationConfiguration . A Session with SecurityAdmin access rights exists. The ConfigurationFile Object belongs to the ApplicationConfiguration being updated
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  7.8.5.1 ConfigurationFileType
  ConfigurationFileType shall restrict access to appropriate users or applications. This should be ConfigureAdmin , SecurityAdmin or an equivalent administrative Role . The Open Method shall not support modes other than Read (0x01
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  G.2 Application setup with the PushManagement
  file that defaults to ON; Always allow Clients to connect securely and assign the SecurityAdmin Role to Anonymous user if the TrustList is empty; Connect to the Server after toggling ... device which enables access for a short period. Add Client ApplicationUri to SecurityAdmin Role , remove Anonymous from SecurityAdmin Role ; Provide a new Certificate and TrustList ; Set the configuration flag
• OPC-10000-18 – OPC Unified Architecture - Part 18: Role-Based Security
  4.4.6 RemoveIdentity Method
  shall use an encrypted channel and shall provide user credentials with administrator rights like SecurityAdmin Role when invoking this Method on the Server . Signature RemoveIdentity ( [in] IdentityMappingRuleType Rule ); Argument Description
• OPC-10000-18 – OPC Unified Architecture - Part 18: Role-Based Security
  4.4.7 AddApplication Method
  shall use an encrypted channel and shall provide user credentials with administrator rights like SecurityAdmin Role when invoking this Method on the Server . Signature AddApplication ( [in] String ApplicationUri ); Argument Description
• OPC-10000-18 – OPC Unified Architecture - Part 18: Role-Based Security
  4.4.8 RemoveApplication Method
  shall use an encrypted channel and shall provide user credentials with administrator rights like SecurityAdmin Role when invoking this Method on the Server . Signature RemoveApplication ( [in] String ApplicationUri ); Argument Description
• OPC-10000-18 – OPC Unified Architecture - Part 18: Role-Based Security
  4.4.9 AddEndpoint Method
  shall use an encrypted channel and shall provide user credentials with administrator rights like SecurityAdmin Role when invoking this Method on the Server . Signature AddEndpoint ( [in] EndpointType Endpoint ); Argument Description
• OPC-10000-18 – OPC Unified Architecture - Part 18: Role-Based Security
  4.4.10 RemoveEndpoint Method
  shall use an encrypted channel and shall provide user credentials with administrator rights like SecurityAdmin Role when invoking this Method on the Server . Signature RemoveEndpoint ( [in] EndpointType Endpoint ); Argument Description
• OPC-10000-18 – OPC Unified Architecture - Part 18: Role-Based Security
  5.2.5 AddUser Method
  shall use an encrypted channel and shall provide user credentials with administrator rights like SecurityAdmin Role when invoking this Method on the Server . Signature AddUser ( [in] String UserName, [in] String
• OPC-10000-18 – OPC Unified Architecture - Part 18: Role-Based Security
  5.2.6 ModifyUser Method
  shall use an encrypted channel and shall provide user credentials with administrator rights like SecurityAdmin Role when invoking this Method on the Server . Signature ModifyUser ( [in] String UserName, [in] Boolean
• OPC-10000-18 – OPC Unified Architecture - Part 18: Role-Based Security
  5.2.7 RemoveUser Method
  shall use an encrypted channel and shall provide user credentials with administrator rights like SecurityAdmin Role when invoking this Method on the Server . If the user of the Session used