PermissionsInheritanceType Property

Gets or sets how permissions are inherited for this node.

Syntax

Visual Basic
C#
C++/CLI

'Declaration
 
Public Property PermissionsInheritanceType As UAPermissionsInheritanceType

'Usage
 
Dim instance As UAServerNode
Dim value As UAPermissionsInheritanceType
 
instance.PermissionsInheritanceType = value
 
value = instance.PermissionsInheritanceType

public UAPermissionsInheritanceType PermissionsInheritanceType {get; set;}

public:
property UAPermissionsInheritanceType PermissionsInheritanceType {
   UAPermissionsInheritanceType get();
   void set (    UAPermissionsInheritanceType value);
}

Property Value

The default value of this property is ParentNode (UAPermissionsInheritanceType.ParentNode).

Remarks

This property determines whether permissions are inherited, and if so, whether from the parent node or the namespace. The default value is OpcLabs.EasyOpc.UA.UAPermissionsInheritanceType.ParentNode.

This method or property does not throw any exceptions, aside from execution exceptions such as System.Threading.ThreadAbortException or System.OutOfMemoryException.

Example

CSharp

// This example shows how to create a hierarchical permission assignment in an OPC UA server, for Anonymous, Engineer and
// Operator roles.
// You can use any OPC UA client, including our Connectivity Explorer and OpcCmd utility, to connect to the server. 
//
// Find all latest examples here: https://www.doc-that.com/files/onlinedocs/OPCLabs-ConnectivityStudio/Latest/examples.html .
// OPC client, server and subscriber examples in C# on GitHub: https://github.com/OPCLabs/Examples-ConnectivityStudio-CSharp .
// Missing some example? Ask us for it on our Online Forums, https://forum.opclabs.com/forum/index ! You do not have to own
// a commercial license in order to use Online Forums, and we reply to every post.

using OpcLabs.BaseLib.Security.User.Extensions;
using OpcLabs.EasyOpc.UA;
using OpcLabs.EasyOpc.UA.NodeSpace;
using OpcLabs.EasyOpc.UA.Security.Subject;
using System;

namespace UAServerDocExamples.AccessControl
{
    internal class PermissionAssignment
    {
        public static void Hierarchical()
        {
            // Instantiate the server object.
            // By default, the server will run on endpoint URL "opc.tcp://localhost:48040/".
            var server = new EasyUAServer();

            // Clear the default security roles (Operator) for the Anonymous user.
            server.UserManagers.Anonymous.SecurityRoleIdSet.Clear();

            // Create users with Engineer and Operator roles.
            server.UserManagers.NameAndPassword.CreateWithSecurityRoleIds("engineer", "pass", 
                new string[] {UASecurityRoles.Engineer});
            server.UserManagers.NameAndPassword.CreateWithSecurityRoleIds("operator", "pass", 
                new string[] {UASecurityRoles.Operator});

            // Specify the default permission assignment for the custom nodes under Objects folder. Anonymous users will be
            // able to view only, authenticated users will be also able to modify.
            server.ObjectsNamespaceDefaultPermissionAssignment = UAPermissionAssignment.AuthenticateUserToModify;


            // Define some nodes with different permission assignments.

            // This data variable is readable by anyone, but only writable by authenticated users, because it inherits
            // permission assignments from the Objects folder, which further inherits them from the namespace.
            server.Objects.Add(new UADataVariable("PublicReadableDataVariable").ReadWriteValue(0));

            // This data variable will be readable and writable by anyone. It inherits the read permissions for anyone from
            // the Objects folder, and it adds its own permission assignment for write permissions.
            var publicReadWriteDataVariable = new UADataVariable("PublicReadWriteDataVariable").ReadWriteValue(0);
            publicReadWriteDataVariable.PermissionAssignment = new UAPermissionAssignment
            {
                new UARolePermissions(UASecurityRoles.Anonymous, UAPermissions.ModifyBasic)
            };
            server.Objects.Add(publicReadWriteDataVariable);

            // This data variable will only be accessible to authenticated users. Other users will not even be able to see
            // it (browse for it). We specify that it should not inherit permissions from the namespace, but instead have
            // its own permission assignment.
            var authenticatedDataVariable = new UADataVariable("AuthenticatedDataVariable").ReadWriteValue(0);
            authenticatedDataVariable.PermissionAssignment = new UAPermissionAssignment
            {
                new UARolePermissions(UASecurityRoles.AuthenticatedUser, UAPermissions.ViewBasic | UAPermissions.ModifyBasic)
            };
            authenticatedDataVariable.PermissionsInheritanceType = UAPermissionsInheritanceType.None;
            server.Objects.Add(authenticatedDataVariable);

            // This folder will only be accessible to users with Operator or Engineer security roles. User that do not have
            // any of these security roles will not even be able to see it (browse for it).
            var operatorOrEngineerFolder = new UAFolder("OperatorOrEngineerFolder");
            operatorOrEngineerFolder.PermissionAssignment = new UAPermissionAssignment
            {
                new UARolePermissions(UASecurityRoles.Operator, UAPermissions.ViewBasic | UAPermissions.ModifyBasic),
                new UARolePermissions(UASecurityRoles.Engineer, UAPermissions.ViewBasic | UAPermissions.ModifyBasic),
            };
            operatorOrEngineerFolder.PermissionsInheritanceType = UAPermissionsInheritanceType.None;
            server.Objects.Add(operatorOrEngineerFolder);

            // This data variable will inherit permissions from the OperatorOrEngineerFolder, so it will only be accessible to users
            // with Operator or Engineer security roles. 
            var operatorOrEngineerDataVariable = new UADataVariable("OperatorOrEngineerDataVariable").ReadWriteValue(0);
            operatorOrEngineerFolder.Add(operatorOrEngineerDataVariable);

            // A data variable accessible to Operator but not Engineer (typically, live data).
            var operatorDataVariable = new UADataVariable("OperatorDataVariable").ReadWriteValue(0);
            operatorDataVariable.PermissionAssignment = new UAPermissionAssignment
            {
                new UARolePermissions(UASecurityRoles.Operator, UAPermissions.ViewBasic | UAPermissions.ModifyBasic),
            };
            operatorDataVariable.PermissionsInheritanceType = UAPermissionsInheritanceType.None;
            operatorOrEngineerFolder.Add(operatorDataVariable);

            // A data variable accessible to Engineer but not Operator (typically, configuration data).
            var engineerDataVariable = new UADataVariable("EngineerDataVariable").ReadWriteValue(0);
            engineerDataVariable.PermissionAssignment = new UAPermissionAssignment
            {
                new UARolePermissions(UASecurityRoles.Engineer, UAPermissions.ViewBasic | UAPermissions.ModifyBasic),
            };
            engineerDataVariable.PermissionsInheritanceType = UAPermissionsInheritanceType.None;
            operatorOrEngineerFolder.Add(engineerDataVariable);


            // Start the server.
            Console.WriteLine("The server is starting...");
            server.Start();

            Console.WriteLine("The server is started.");
            Console.WriteLine();

            // Let the user decide when to stop.
            Console.WriteLine("Press Enter to stop the server...");
            Console.ReadLine();

            // Stop the server.
            Console.WriteLine("The server is stopping...");
            server.Stop();

            Console.WriteLine("The server is stopped.");
        }
    }
}

CSharp

// This example shows how to create a user with username & password and assign it specific OPC UA security roles. 
// You can use any OPC UA client, including our Connectivity Explorer and OpcCmd utility, to connect to the server. 
//
// Find all latest examples here: https://www.doc-that.com/files/onlinedocs/OPCLabs-ConnectivityStudio/Latest/examples.html .
// OPC client, server and subscriber examples in C# on GitHub: https://github.com/OPCLabs/Examples-ConnectivityStudio-CSharp .
// Missing some example? Ask us for it on our Online Forums, https://forum.opclabs.com/forum/index ! You do not have to own
// a commercial license in order to use Online Forums, and we reply to every post.

using OpcLabs.BaseLib.Security.User.Extensions;
using OpcLabs.EasyOpc.UA;
using OpcLabs.EasyOpc.UA.NodeSpace;
using OpcLabs.EasyOpc.UA.Security.Subject;
using System;

namespace UAServerDocExamples.AccessControl
{
    internal class NameAndPasswordUserManager
    {
        public static void CreateWithSecurityRoleIds()
        {
            // Instantiate the server object.
            // By default, the server will run on endpoint URL "opc.tcp://localhost:48040/".
            var server = new EasyUAServer();

            // Clear the default security roles (Operator) for the Anonymous user.
            server.UserManagers.Anonymous.SecurityRoleIdSet.Clear();

            // Create a user with username "alpha" and password "pass". The user session will be assigned the Engineer and
            // Operator security roles, in addition to the implicit Anonymous, AuthenticatedUser and possibly
            // TrustedApplication roles.
            server.UserManagers.NameAndPassword.CreateWithSecurityRoleIds("alpha", "pass",
                new string[] {UASecurityRoles.Engineer, UASecurityRoles.Operator});

            // Create a data variable providing random integers.
            var random = new Random();
            var dataVariable = new UADataVariable("MyDataVariable").ReadValueFunction(() => random.Next());

            // Assign permissions to the data variable. In this case, only users with the Engineer security role will be able
            // to browse, read and write the variable.
            dataVariable.PermissionAssignment = new UAPermissionAssignment
            {
                new UARolePermissions(UASecurityRoles.Engineer, UAPermissions.ViewBasic | UAPermissions.ModifyBasic)
            };
            // We do not want to inherit permissions from the parent nodes, as they include viewing for TrustedApplication.
            dataVariable.PermissionsInheritanceType = UAPermissionsInheritanceType.None;

            // Add the data variable to the server's address space.
            server.Add(dataVariable);

            // Start the server.
            Console.WriteLine("The server is starting...");
            server.Start();

            Console.WriteLine("The server is started.");
            Console.WriteLine();

            // Let the user decide when to stop.
            Console.WriteLine("Press Enter to stop the server...");
            Console.ReadLine();

            // Stop the server.
            Console.WriteLine("The server is stopping...");
            server.Stop();

            Console.WriteLine("The server is stopped.");
        }
    }
}

Requirements

Target Platforms: .NET Framework: Windows 10 (selected versions), Windows 11 (selected versions), Windows Server 2016, Windows Server 2022; .NET: Linux, macOS, Microsoft Windows

Reference

UAServerNode Class
UAServerNode Members

Documentation Home, Send Feedback. Resources: Knowledge Base, Product Downloads. Technical support: Online Forums, FAQ.

Missing some example? Ask us for it on our Online Forums! You do not have to own a commercial license in order to use Online Forums, and we reply to every post.