ObjectsNamespaceDefaultPermissionAssignment Property (IEasyUAServer)

Gets or sets the default permission assignment for custom nodes in the Objects namespace.

Syntax

Visual Basic
C#
C++/CLI

'Declaration
 
<JetBrains.Annotations.NotNullAttribute()>
Property ObjectsNamespaceDefaultPermissionAssignment As UAPermissionAssignment

'Usage
 
Dim instance As IEasyUAServer
Dim value As UAPermissionAssignment
 
instance.ObjectsNamespaceDefaultPermissionAssignment = value
 
value = instance.ObjectsNamespaceDefaultPermissionAssignment

[JetBrains.Annotations.NotNull()]
UAPermissionAssignment ObjectsNamespaceDefaultPermissionAssignment {get; set;}

[JetBrains.Annotations.NotNull()]
property UAPermissionAssignment^ ObjectsNamespaceDefaultPermissionAssignment {
   UAPermissionAssignment^ get();
   void set (    UAPermissionAssignment^ value);
}

Property Value

A OpcLabs.EasyOpc.UA.Security.Subject.UAPermissionAssignment that defines the default permissions assigned to roles for custom nodes in the Objects namespace.

The value of this property cannot be null (Nothing in Visual Basic).

The individual elements of the property value cannot be null (Nothing in Visual Basic).

Exceptions

Exception Description

Exception	Description
System.ArgumentNullException	A `null` reference (`Nothing` in Visual Basic) is passed to a method that does not accept it as a valid argument. This is a usage error, i.e. it will never occur (the exception will not be thrown) in a correctly written program. Your code should not catch this exception.

System.ArgumentNullException

A null reference (Nothing in Visual Basic) is passed to a method that does not accept it as a valid argument.

This is a usage error, i.e. it will never occur (the exception will not be thrown) in a correctly written program. Your code should not catch this exception.

Remarks

This property defines the baseline permissions that are applied to custom nodes in the Objects namespace unless overridden by individual node permission assignments. It determines which OPC UA security roles have access to perform various operations on the nodes.

Example

CSharp

// This example shows how to create a hierarchical permission assignment in an OPC UA server, for Anonymous, Engineer and
// Operator roles.
// You can use any OPC UA client, including our Connectivity Explorer and OpcCmd utility, to connect to the server. 
//
// Find all latest examples here: https://www.doc-that.com/files/onlinedocs/OPCLabs-ConnectivityStudio/Latest/examples.html .
// OPC client, server and subscriber examples in C# on GitHub: https://github.com/OPCLabs/Examples-ConnectivityStudio-CSharp .
// Missing some example? Ask us for it on our Online Forums, https://forum.opclabs.com/forum/index ! You do not have to own
// a commercial license in order to use Online Forums, and we reply to every post.

using OpcLabs.BaseLib.Security.User.Extensions;
using OpcLabs.EasyOpc.UA;
using OpcLabs.EasyOpc.UA.NodeSpace;
using OpcLabs.EasyOpc.UA.Security.Subject;
using System;

namespace UAServerDocExamples.AccessControl
{
    internal class PermissionAssignment
    {
        public static void Hierarchical()
        {
            // Instantiate the server object.
            // By default, the server will run on endpoint URL "opc.tcp://localhost:48040/".
            var server = new EasyUAServer();

            // Clear the default security roles (Operator) for the Anonymous user.
            server.UserManagers.Anonymous.SecurityRoleIdSet.Clear();

            // Create users with Engineer and Operator roles.
            server.UserManagers.NameAndPassword.CreateWithSecurityRoleIds("engineer", "pass", 
                new string[] {UASecurityRoles.Engineer});
            server.UserManagers.NameAndPassword.CreateWithSecurityRoleIds("operator", "pass", 
                new string[] {UASecurityRoles.Operator});

            // Specify the default permission assignment for the custom nodes under Objects folder. Anonymous users will be
            // able to view only, authenticated users will be also able to modify.
            server.ObjectsNamespaceDefaultPermissionAssignment = UAPermissionAssignment.AuthenticateUserToModify;


            // Define some nodes with different permission assignments.

            // This data variable is readable by anyone, but only writable by authenticated users, because it inherits
            // permission assignments from the Objects folder, which further inherits them from the namespace.
            server.Objects.Add(new UADataVariable("PublicReadableDataVariable").ReadWriteValue(0));

            // This data variable will be readable and writable by anyone. It inherits the read permissions for anyone from
            // the Objects folder, and it adds its own permission assignment for write permissions.
            var publicReadWriteDataVariable = new UADataVariable("PublicReadWriteDataVariable").ReadWriteValue(0);
            publicReadWriteDataVariable.PermissionAssignment = new UAPermissionAssignment
            {
                new UARolePermissions(UASecurityRoles.Anonymous, UAPermissions.ModifyBasic)
            };
            server.Objects.Add(publicReadWriteDataVariable);

            // This data variable will only be accessible to authenticated users. Other users will not even be able to see
            // it (browse for it). We specify that it should not inherit permissions from the namespace, but instead have
            // its own permission assignment.
            var authenticatedDataVariable = new UADataVariable("AuthenticatedDataVariable").ReadWriteValue(0);
            authenticatedDataVariable.PermissionAssignment = new UAPermissionAssignment
            {
                new UARolePermissions(UASecurityRoles.AuthenticatedUser, UAPermissions.ViewBasic | UAPermissions.ModifyBasic)
            };
            authenticatedDataVariable.PermissionsInheritanceType = UAPermissionsInheritanceType.None;
            server.Objects.Add(authenticatedDataVariable);

            // This folder will only be accessible to users with Operator or Engineer security roles. User that do not have
            // any of these security roles will not even be able to see it (browse for it).
            var operatorOrEngineerFolder = new UAFolder("OperatorOrEngineerFolder");
            operatorOrEngineerFolder.PermissionAssignment = new UAPermissionAssignment
            {
                new UARolePermissions(UASecurityRoles.Operator, UAPermissions.ViewBasic | UAPermissions.ModifyBasic),
                new UARolePermissions(UASecurityRoles.Engineer, UAPermissions.ViewBasic | UAPermissions.ModifyBasic),
            };
            operatorOrEngineerFolder.PermissionsInheritanceType = UAPermissionsInheritanceType.None;
            server.Objects.Add(operatorOrEngineerFolder);

            // This data variable will inherit permissions from the OperatorOrEngineerFolder, so it will only be accessible to users
            // with Operator or Engineer security roles. 
            var operatorOrEngineerDataVariable = new UADataVariable("OperatorOrEngineerDataVariable").ReadWriteValue(0);
            operatorOrEngineerFolder.Add(operatorOrEngineerDataVariable);

            // A data variable accessible to Operator but not Engineer (typically, live data).
            var operatorDataVariable = new UADataVariable("OperatorDataVariable").ReadWriteValue(0);
            operatorDataVariable.PermissionAssignment = new UAPermissionAssignment
            {
                new UARolePermissions(UASecurityRoles.Operator, UAPermissions.ViewBasic | UAPermissions.ModifyBasic),
            };
            operatorDataVariable.PermissionsInheritanceType = UAPermissionsInheritanceType.None;
            operatorOrEngineerFolder.Add(operatorDataVariable);

            // A data variable accessible to Engineer but not Operator (typically, configuration data).
            var engineerDataVariable = new UADataVariable("EngineerDataVariable").ReadWriteValue(0);
            engineerDataVariable.PermissionAssignment = new UAPermissionAssignment
            {
                new UARolePermissions(UASecurityRoles.Engineer, UAPermissions.ViewBasic | UAPermissions.ModifyBasic),
            };
            engineerDataVariable.PermissionsInheritanceType = UAPermissionsInheritanceType.None;
            operatorOrEngineerFolder.Add(engineerDataVariable);


            // Start the server.
            Console.WriteLine("The server is starting...");
            server.Start();

            Console.WriteLine("The server is started.");
            Console.WriteLine();

            // Let the user decide when to stop.
            Console.WriteLine("Press Enter to stop the server...");
            Console.ReadLine();

            // Stop the server.
            Console.WriteLine("The server is stopping...");
            server.Stop();

            Console.WriteLine("The server is stopped.");
        }
    }
}

Requirements

Target Platforms: .NET Framework: Windows 10 (selected versions), Windows 11 (selected versions), Windows Server 2016, Windows Server 2022; .NET: Linux, macOS, Microsoft Windows

Reference

IEasyUAServer Interface
IEasyUAServer Members
Objects Property

Documentation Home, Send Feedback. Resources: Knowledge Base, Product Downloads. Technical support: Online Forums, FAQ.

Missing some example? Ask us for it on our Online Forums! You do not have to own a commercial license in order to use Online Forums, and we reply to every post.