OPC UA describes that certain functionality, such as the management of CertificateStores, should be restricted to administrators. This Multi-part standard does not describe the details associated with administrative access. The nature of administrative access varies from platform to platform. Some platforms only have a single administrator. Other platforms provide multiple levels of administrative access such as backup administrator, network administrator, configuration administrator etc. The deployment site should make appropriate selections for administrator access and the implementer should allow for the configuration of appropriate administrator account access.
Administrative access restrictions include items such as configuration files for Servers and Clients. For example, configuration files might contain paths to certificate stores or exposed endpoints both of which if changed could cause major issues.
Administrative access should also be used to control Audit Events, see 4.14 for additional details.