4.2 RoleSetType
4.2.1 RoleSetType definition
The RoleSet Object defined in OPC 10000-5 is a RoleSetType which is formally defined in Table 1.
| Attribute | Value | ||||
| BrowseName | RoleSetType | ||||
| IsAbstract | False | ||||
| References | Node Class | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of BaseObjectType defined in OPC 10000-5 | |||||
| HasComponent | Object | <RoleName> | RoleType | OptionalPlaceholder | |
| HasComponent | Method | AddRole | Defined in 4.2.2. | Mandatory | |
| HasComponent | Method | RemoveRole | Defined in 4.2.3. | Mandatory | |
| Conformance Units | |||||
|---|---|---|---|---|---|
| Base Info ServerType |
The AddRole Method allows configuration Clients to add a new Role to the Server.
The RemoveRole Method allows configuration Clients to remove a Role from the Server.
4.2.2 AddRole Method
This Method is used to add a Role to the RoleSet Object defined in 4.3.
The combination of the NamespaceUri and RoleName parameters are used to construct the BrowseName for the new Node. The BrowseName shall be unique within the RoleSet Object.
If the optional Properties EndpointsExclude and ApplicationsExclude are available on the Role Object created with this Method, the initial values of the EndpointsExclude and ApplicationsExclude Properties shall be TRUE.
The Client shall use an encrypted channel and shall provide user credentials with administrator rights like SecurityAdmin Role when invoking this Method on the Server.
OPC 10000-3 defines well-known Roles. If this Method is to be used to add a well-known Role, the name of the Role from OPC 10000-3 shall be used together with the OPC UA namespace URI. The Server shall use the NodeIds for the well-known Roles in this case. The NodeIds for the well-known Roles are defined in OPC 10000-6.
Signature
AddRole (
[in] String RoleName,
[in] String NamespaceUri,
[out] NodeId RoleNodeId
);
| Argument | Description |
| RoleName | The name of the Role. |
| NamespaceUri | The NamespaceUri qualifies the RoleName. If this value is null or empty then the resulting BrowseName will be qualified by the Server’s NamespaceUri. |
| RoleNodeId | The NodeId assigned by the Server to the new Node. |
Method Result Codes
| ResultCode | Description |
| Bad_InvalidArgument | The RoleName or NamespaceUri is not valid. The text associated with the error shall indicate the exact problem. |
| Bad_NotSupported | The Server does not allow more Roles to be added. |
| Bad_UserAccessDenied | The caller does not have the necessary Permissions. |
| Bad_SecurityModeInsufficient | The SecureChannel is not encrypted. |
| Bad_AlreadyExists | The Role already exists in the Server. |
| Bad_ResourceUnavailable | The Server does not have enough resources to add the role. |
The AddRole Method representation in the AddressSpace is formally defined in Table 2.
| Attribute | Value | ||||
| BrowseName | AddRole | ||||
| References | Node Class | BrowseName | DataType | TypeDefinition | Other |
|---|---|---|---|---|---|
| 0:HasProperty | Variable | 0:InputArguments | 0:Argument[] | 0:PropertyType | M |
| 0:HasProperty | Variable | 0:OutputArguments | 0:Argument[] | 0:PropertyType | M |
| ConformanceUnits | |||||
|---|---|---|---|---|---|
| Security Role Server Management |
4.2.3 RemoveRole Method
This Method is used to remove a Role from the RoleSet Object.
The RoleNodeId is the NodeId of the Role Object to remove.
The Server may prohibit the removal of some Roles because they are necessary for the Server to function.
If a Role is removed all Permissions associated with the Role shall be deleted. Ideally these changes should take effect immediately; however, some lag may occur.
The Client shall use an encrypted channel and shall provide user credentials with administrator rights like SecurityAdmin Role when invoking this Method on the Server.
Signature
RemoveRole (
[in] NodeId RoleNodeId
);
| Argument | Description |
| RoleNodeId | The NodeId of the Role Object. |
Method Result Codes
| ResultCode | Description |
| Bad_NodeIdUnknown | The specified Role Object does not exist. |
| Bad_NotSupported | The Server does not allow the Role Object to be removed. |
| Bad_UserAccessDenied | The caller does not have the necessary Permissions. |
| Bad_SecurityModeInsufficient | The SecureChannel is not encrypted. |
| Bad_RequestNotAllowed | The specified Role Object cannot be removed. |
The RemoveRole Method representation in the AddressSpace is formally defined in Table 3.
| Attribute | Value | ||||
| BrowseName | RemoveRole | ||||
| References | Node Class | BrowseName | DataType | TypeDefinition | Other |
|---|---|---|---|---|---|
| 0:HasProperty | Variable | 0:InputArguments | 0:Argument[] | 0:PropertyType | M |
| ConformanceUnits | |||||
|---|---|---|---|---|---|
| Security Role Server Management |