The RoleSet Object defined in Table 2 is used to publish all Roles supported by the Server.

Table 2 – RoleSet definition

Attribute

Value

BrowseName

RoleSet

References

Node Class

BrowseName

DataType

TypeDefinition

Modelling Rule

ComponentOf the ServerCapabilities Object defined in OPC 10000-5

HasTypeDefinition

ObjectType

RoleSetType

HasComponent

Object

Anonymous

RoleType

HasComponent

Object

AuthenticatedUser

RoleType

HasComponent

Object

Observer

RoleType

HasComponent

Object

Operator

RoleType

HasComponent

Object

Engineer

RoleType

HasComponent

Object

Supervisor

RoleType

HasComponent

Object

ConfigureAdmin

RoleType

HasComponent

Object

SecurityAdmin

RoleType

Conformance Units

Security Role Server Base 2

Servers should support the well-known Roles which are defined in OPC 10000-3.

The default Identities for the Anonymous Role should be Identities with the criteriaType IdentityCriteriaType.Anonymous and the criteriaType IdentityCriteriaType.AuthenticatedUser.

The default Identities for the AuthenticatedUser Role should be an identity with the criteriaType IdentityCriteriaType.AuthenticatedUser.

The additional definition for the conformance units of the instances is defined in Table 3.

Table 3 – RoleSet Additional Conformance Units

BrowsePath

Conformance Units

AddRole

Security Role Server Management

RemoveRole

Security Role Server Management

ConfigureAdmin

Security Role Well Known

SecurityAdmin

Security Role Well Known

Anonymous

Security Role Well Known Group 2

AuthenticatedUser

Security Role Well Known Group 2

Observer

Security Role Well Known Group 3

Operator

Security Role Well Known Group 3

Engineer

Security Role Well Known Group 3

Supervisor

Security Role Well Known Group 3

Anonymous

AddIdentity

Security Role Server IdentityManagement

Anonymous

RemoveIdentity

Security Role Server IdentityManagement

Anonymous

ApplicationsExclude

Security Role Server Restrict Applications

Anonymous

Applications

Security Role Server Restrict Applications

Anonymous

AddApplication

Security Role Server Restrict Applications

Anonymous

RemoveApplication

Security Role Server Restrict Applications

Anonymous

EndpointsExclude

Security Role Server Restrict Endpoints

Anonymous

Endpoints

Security Role Server Restrict Endpoints

Anonymous

AddEndpoint

Security Role Server Restrict Endpoints

Anonymous

RemoveEndpoint

Security Role Server Restrict Endpoints

AuthenticatedUser

AddIdentity

Security Role Server IdentityManagement

AuthenticatedUser

RemoveIdentity

Security Role Server IdentityManagement

AuthenticatedUser

ApplicationsExclude

Security Role Server Restrict Applications

AuthenticatedUser

Applications

Security Role Server Restrict Applications

AuthenticatedUser

AddApplication

Security Role Server Restrict Applications

AuthenticatedUser

RemoveApplication

Security Role Server Restrict Applications

AuthenticatedUser

EndpointsExclude

Security Role Server Restrict Endpoints

AuthenticatedUser

Endpoints

Security Role Server Restrict Endpoints

AuthenticatedUser

AddEndpoint

Security Role Server Restrict Endpoints

AuthenticatedUser

RemoveEndpoint

Security Role Server Restrict Endpoints

Observer

AddIdentity

Security Role Server IdentityManagement

Observer

RemoveIdentity

Security Role Server IdentityManagement

Observer

ApplicationsExclude

Security Role Server Restrict Applications

Observer

Applications

Security Role Server Restrict Applications

Observer

AddApplication

Security Role Server Restrict Applications

Observer

RemoveApplication

Security Role Server Restrict Applications

Observer

EndpointsExclude

Security Role Server Restrict Endpoints

Observer

Endpoints

Security Role Server Restrict Endpoints

Observer

AddEndpoint

Security Role Server Restrict Endpoints

Observer

RemoveEndpoint

Security Role Server Restrict Endpoints

Operator

AddIdentity

Security Role Server IdentityManagement

Operator

RemoveIdentity

Security Role Server IdentityManagement

Operator

ApplicationsExclude

Security Role Server Restrict Applications

Operator

Applications

Security Role Server Restrict Applications

Operator

AddApplication

Security Role Server Restrict Applications

Operator

RemoveApplication

Security Role Server Restrict Applications

Operator

EndpointsExclude

Security Role Server Restrict Endpoints

Operator

Endpoints

Security Role Server Restrict Endpoints

Operator

AddEndpoint

Security Role Server Restrict Endpoints

Operator

RemoveEndpoint

Security Role Server Restrict Endpoints

Engineer

AddIdentity

Security Role Server IdentityManagement

Engineer

RemoveIdentity

Security Role Server IdentityManagement

Engineer

ApplicationsExclude

Security Role Server Restrict Applications

Engineer

Applications

Security Role Server Restrict Applications

Engineer

AddApplication

Security Role Server Restrict Applications

Engineer

RemoveApplication

Security Role Server Restrict Applications

Engineer

EndpointsExclude

Security Role Server Restrict Endpoints

Engineer

Endpoints

Security Role Server Restrict Endpoints

Engineer

AddEndpoint

Security Role Server Restrict Endpoints

Engineer

RemoveEndpoint

Security Role Server Restrict Endpoints

Supervisor

AddIdentity

Security Role Server IdentityManagement

Supervisor

RemoveIdentity

Security Role Server IdentityManagement

Supervisor

ApplicationsExclude

Security Role Server Restrict Applications

Supervisor

Applications

Security Role Server Restrict Applications

Supervisor

AddApplication

Security Role Server Restrict Applications

Supervisor

RemoveApplication

Security Role Server Restrict Applications

Supervisor

EndpointsExclude

Security Role Server Restrict Endpoints

Supervisor

Endpoints

Security Role Server Restrict Endpoints

Supervisor

AddEndpoint

Security Role Server Restrict Endpoints

Supervisor

RemoveEndpoint

Security Role Server Restrict Endpoints

ConfigureAdmin

AddIdentity

Security Role Server IdentityManagement

ConfigureAdmin

RemoveIdentity

Security Role Server IdentityManagement

ConfigureAdmin

ApplicationsExclude

Security Role Server Restrict Applications

ConfigureAdmin

Applications

Security Role Server Restrict Applications

ConfigureAdmin

AddApplication

Security Role Server Restrict Applications

ConfigureAdmin

RemoveApplication

Security Role Server Restrict Applications

ConfigureAdmin

EndpointsExclude

Security Role Server Restrict Endpoints

ConfigureAdmin

Endpoints

Security Role Server Restrict Endpoints

ConfigureAdmin

AddEndpoint

Security Role Server Restrict Endpoints

ConfigureAdmin

RemoveEndpoint

Security Role Server Restrict Endpoints

SecurityAdmin

AddIdentity

Security Role Server IdentityManagement

SecurityAdmin

RemoveIdentity

Security Role Server IdentityManagement

SecurityAdmin

ApplicationsExclude

Security Role Server Restrict Applications

SecurityAdmin

Applications

Security Role Server Restrict Applications

SecurityAdmin

AddApplication

Security Role Server Restrict Applications

SecurityAdmin

RemoveApplication

Security Role Server Restrict Applications

SecurityAdmin

EndpointsExclude

Security Role Server Restrict Endpoints

SecurityAdmin

Endpoints

Security Role Server Restrict Endpoints

SecurityAdmin

AddEndpoint

Security Role Server Restrict Endpoints

SecurityAdmin

RemoveEndpoint

Security Role Server Restrict Endpoints