Connectivity Software User's Guide and Reference
OPC Wizard Access Control

Introduction 

OPC Wizard comes with support for OPC UA application security and (optional) user security. A variant of the RBAC (Role-Based Access Control) approach is used to control access to entities and operations within a server developed with OPC Wizard. The security aspects are highly configurable, and custom handling can be used where the declaration-based security is not enough.

The following access control steps are performed by OPC Wizard, in this order:

  1. Application Trust Verification. Checks the identity and authorization of the application accessing the server.
  2. User Authentication. Validates the identity of the user accessing the server.
  3. User Authorization. Determines the security roles of the user.
  4. Permission Authorization. Verifies whether a user's assigned roles grant them the permission to perform the specific operation.

These steps are described further below.

Application Trust Verification

For more information on Application Trust Verification, see e.g. OPC UA Client-Server Security and OPC UA Certificate Stores.

User Authentication

OPC UA offers several ways of authenticating users, such as anonymous, user name and password, or X.509 certificate. These correspond to different user identity token types. The user authentication step verifies that the user is who they claim to be. OPC Wizard offers user manager objects for common authentication methods, and you achieve user authentication simply by configuring the user managers. You can also do custom handling by taking over the user authentication and providing your own code to handle it.

More information: OPC Wizard User Authentication.

User Authorization

After the user is authenticated, OPC Wizard determines whether the user is authorized to log on to the server (in OPC UA terms, activate the session).

If logon access is granted, OPC Wizard then determines the security roles the user has. The security roles can be provided by the user manager objects, where you can simply configure the security roles for each user declaratively. Alternatively, you can write custom code to take over the determination of user security roles and implement whatever logic is necessary in your scenario.

OPC Wizard also takes care of automatically assigning certain implicit security roles according to the OPC UA rules (for example, the well-known Anonymous role is granted to every session, and AuthenticatedUser to every session activated with a non-anonymous user identity).

More information: OPC Wizard User Authorization.

Permission Authorization

In the permission authorization step, the security roles of the user are checked to verify that the user is granted the necessary permission to perform the operation on the given entity. If any of the user's roles includes the required permission for the requested action, access is granted; otherwise, it is denied.

OPC Wizard allows the developer to specify permission assignment on every custom server node. The permission assignment specifies the permissions granted to individual roles. In addition, permissions can be inherited from the parent node or from the default for the namespace. If you have special needs, the permission checking mechanism can also be customized in the code.

More information: OPC Wizard Permission Authorization.
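The following is an added example that models steps 2 to 4 of the pipeline described above (user authentication, logon and role authorization, and permission authorization with inheritance from the parent node and the namespace default). It is not OPC Wizard code and does not use the OPC Wizard API; every class, function and identifier in it is a hypothetical stand-in, and the users, nodes and permission assignments are constructed for illustration. It assumes that anonymous sessions are enabled, that the implicit roles are the well-known OPC UA roles Anonymous and AuthenticatedUser, and that an explicit permission assignment on a node replaces, rather than merges with, whatever it would otherwise inherit.

```python
from __future__ import annotations

import hmac
from dataclasses import dataclass
from typing import Optional

# Well-known roles that OPC UA grants implicitly: Anonymous to every session,
# AuthenticatedUser to every session activated with a non-anonymous identity.
ANONYMOUS = "Anonymous"
AUTHENTICATED_USER = "AuthenticatedUser"


@dataclass
class Node:
    node_id: str
    namespace: str
    parent: Optional[Node] = None
    permissions: Optional[dict[str, frozenset[str]]] = None  # role -> permissions; None = inherit


class UserManager:
    """Hypothetical user-name/password user manager (a stand-in, not OPC Wizard's)."""
    def __init__(self) -> None:
        self._users: dict[str, tuple[str, frozenset[str], bool]] = {}  # name -> (password, roles, logon allowed)

    def add_user(self, name, password, roles, logon_allowed=True) -> None:
        self._users[name] = (password, frozenset(roles), logon_allowed)

    def authenticate(self, token) -> Optional[str]:
        """Step 2: returns the user name, or None for an anonymous identity token."""
        if token is None:
            return None
        name, password = token  # user-name identity token
        entry = self._users.get(name)
        # Constant-time comparison, performed even for unknown names so that
        # response timing does not reveal which user names exist.
        expected = entry[0] if entry is not None else ""
        ok = hmac.compare_digest(expected.encode(), password.encode())
        if entry is None or not ok:
            raise PermissionError("bad user name or password")
        return name

    def logon_allowed(self, identity: Optional[str]) -> bool:
        """Step 3a: may this identity activate a session?"""
        if identity is None:
            return True  # assumption: anonymous sessions are enabled on this server
        return self._users[identity][2]

    def roles_of(self, identity: Optional[str]) -> frozenset[str]:
        """Step 3b: declared roles plus the implicit well-known roles."""
        roles = {ANONYMOUS}
        if identity is not None:
            roles.add(AUTHENTICATED_USER)
            roles |= self._users[identity][1]
        return frozenset(roles)


def activate_session(user_manager: UserManager, token) -> frozenset[str]:
    """Steps 2 and 3 together; returns the roles the new session carries."""
    identity = user_manager.authenticate(token)
    if not user_manager.logon_allowed(identity):
        raise PermissionError(f"{identity!r} is not allowed to activate a session")
    return user_manager.roles_of(identity)


def effective_permissions(node: Node, namespace_defaults) -> dict[str, frozenset[str]]:
    """Nearest explicit assignment on the node or an ancestor, else the namespace default.
    Assumption: an explicit assignment replaces inherited ones rather than merging with them."""
    current = node
    while current is not None:
        if current.permissions is not None:
            return current.permissions
        current = current.parent
    return namespace_defaults.get(node.namespace, {})


def is_permitted(roles, node: Node, permission: str, namespace_defaults) -> bool:
    """Step 4: granted if any of the session's roles holds the permission on the node."""
    assignment = effective_permissions(node, namespace_defaults)
    return any(permission in assignment.get(role, frozenset()) for role in roles)


def demo() -> dict[str, bool]:
    # Constructed users, nodes and permission assignments, for illustration only.
    um = UserManager()
    um.add_user("operator", "op-secret", ["Operator"])
    um.add_user("contractor", "c-secret", ["Operator"], logon_allowed=False)
    ns = "urn:example:plant"
    ns_defaults = {ns: {ANONYMOUS: frozenset({"Browse", "Read"})}}
    root = Node("Plant", ns)  # no assignment of its own: namespace default applies
    line = Node("Plant.Line1", ns, parent=root, permissions={
        AUTHENTICATED_USER: frozenset({"Browse", "Read"}),
        "Operator": frozenset({"Browse", "Read", "Write"}),
    })
    setpoint = Node("Plant.Line1.Setpoint", ns, parent=line)  # inherits from Line1
    anon = activate_session(um, None)
    operator = activate_session(um, ("operator", "op-secret"))
    return {
        "anon_read_root": is_permitted(anon, root, "Read", ns_defaults),
        "anon_read_setpoint": is_permitted(anon, setpoint, "Read", ns_defaults),
        "operator_write_setpoint": is_permitted(operator, setpoint, "Write", ns_defaults),
        "operator_write_root": is_permitted(operator, root, "Write", ns_defaults),
    }
```

The two results worth noticing are the ones a declarative configuration makes easy to get wrong: the anonymous session can read the root node through the namespace default but not the setpoint, because the explicit assignment on Line1 grants nothing to Anonymous and is inherited unchanged by its child; and the "contractor" user authenticates successfully yet never reaches role determination, since logon authorization is a separate decision taken before roles are assigned.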
