OPC UA provides standard approach for implementing role based security. Servers may choose to implement none, part or all of mechanisms defined in OPC 10000-5. The OPC UA approach assigns Permissions to Roles. Clients are then granted Roles based on connection information. Roles might be restricted by User Authentication, Application Authentication, Security Modes, or Transports. The assignment of Roles and restrictions is application specific. The interactions are illustrated in Figure 4.
Figure 4 - Role overview
For additional description of roles see in in OPC 10000-5