Currently I am trying to set Read/Write/Browse access level (after t user goes through the Authentication mechanism implemented locally in the application) for a node in below fashion,
NodeAccessInfoBase* pAccessInfo = new NodeAccessInfoBase();
pAccessInfo->setAccessRestrictions(NodeAccessInfo::PERMISSION_BROWSE | NodeAccessInfo::PERMISSION_READ | NodeAccessInfo::PERMISSION_WRITE);
externalNode->setAccessInfo(pAccessInfo);
pAccessInfo->releaseReference();
But it does not reflect the desired changes in UaExpert clinet side.
In UaExpert "UserAccessLevel" attribute still shows CurrentRead
Set UserAccessLevel Attribute for a Node
Moderator: uasdkcpp
-
- Jr. Member
- Posts: 2
- Joined: 16 Sep 2022, 09:19
- Support Team
- Hero Member
- Posts: 3071
- Joined: 18 Mar 2011, 15:09
Re: Set UserAccessLevel Attribute for a Node
Hello sahnnu,
you are setting the AccessRestriction for the node - I guess you want to set the RolePermissions instead.
AccessRestritions define additional restrictions to access the node independent of the Permission. For example if EncryptionRequired is set the node can only be accessed on an encrypted channel. see: https://reference.opcfoundation.org/Core/Part3/8.56/
Permissions are always assigned for a specific role. So to set them you need to specifiy a role and the permissions for that role.
Example to grant browse permissions for anonymous role and grant permissions to read and write the value for operator role:
To understand the details of Role-Based Security please read on here: https://reference.opcfoundation.org/Core/Part18/
you are setting the AccessRestriction for the node - I guess you want to set the RolePermissions instead.
AccessRestritions define additional restrictions to access the node independent of the Permission. For example if EncryptionRequired is set the node can only be accessed on an encrypted channel. see: https://reference.opcfoundation.org/Core/Part3/8.56/
Permissions are always assigned for a specific role. So to set them you need to specifiy a role and the permissions for that role.
Example to grant browse permissions for anonymous role and grant permissions to read and write the value for operator role:
Code: Select all
NodeAccessInfoBase* pAccessInfo = new NodeAccessInfoBase();
pAccessInfo->setRolePermissions(
pServerManager->getIdForWellKnownRole(OpcUaId_WellKnownRole_Anonymous),
NodeAccessInfo::PERMISSION_BROWSE);
pAccessInfo->setRolePermissions(
pServerManager->getIdForWellKnownRole(OpcUaId_WellKnownRole_Operator),
NodeAccessInfo::PERMISSION_BROWSE | NodeAccessInfo::PERMISSION_READ | NodeAccessInfo::PERMISSION_WRITE | NodeAccessInfo::PERMISSION_CALL);
externalNode->setAccessInfo(pAccessInfo);
pAccessInfo->releaseReference();
Best regards
Unified Automation Support Team
Unified Automation Support Team