UA Gateway - Aliases, Authorization

Questions regarding installing, running and configuring UaGateway.

Moderator: uagateway

Post Reply
abhijit.bhopale
Full Member
Full Member
Posts: 6
Joined: 25 Sep 2021, 14:46

UA Gateway - Aliases, Authorization

Post by abhijit.bhopale »

Hi Team

We are evaluating UA Gateway for our business needs and we are looking for answers to below questions in order to conclude results,

1. How to provide User Friendly Aliases for underlying OPC UA Server Address Space using UAGateway & its associated documentation
2. how to configured UAGateway for Transparent & Non-Transparent mode for Address Space access
3. How to implement authorization in UA Gateway level (e.g. Provide read-only access to underlying OPC-UA Address space using UA Gateway)

User avatar
Support Team
Hero Member
Hero Member
Posts: 3064
Joined: 18 Mar 2011, 15:09

Re: UA Gateway - Aliases, Authorization

Post by Support Team »

Hi,

1) if you have only one underlying UA Server below your UaGateway and if you are only interested in Nodes that reside in one destinct namespace of this underlying UA Server you can configure this namespace as the "default". This will give you the "pure" original NodeID. See description "General" here:
https://documentation.unified-automation.com/uagateway/1.5.8/html/administration_sec.html#tab_opcda_general
However, this only works for one underlying Server and for one of is't namespaces only.

If you have multiple underlying UA Server with multiple namespaces you can create "Alias" for the prefix of such (not for the whole NodeID, just for the prefix). By this it will becaome as "user friendly" as it could be. See here:
https://documentation.unified-automation.com/uagateway/1.5.8/html/administration_sec.html#sec_namespaces

2) the uaGateway is alway in "transparent" mode, UaGateway always pass through, it does not hold or copy any information (for that reason it is so fast). All UA standard attributes are mapped to DA item properties automatically, this includes the AccessRights. IF a node was read only in the UA Server it will be read only in the UaGateway as well. However, some UA Nodes may have even more that the 6 standard attributes. Those additional attributes can be mappted to "vendeor specific attributes" (which was the terminology in classic OPC DA). see here for details:
https://documentation.unified-automation.com/uagateway/1.5.8/html/administration_sec.html#tab_opcda_propertymapping

3) there is an extra payed feature in UaGateway that allows the configuration of some own tags in UaGateway (features can be purchades as "TagFile&Cahe"). The tagfile created nodes in the UaGateway itself, and you can map them to Source-Nodes of an underlying Server. The taglist and mapping file can be configured here:
https://documentation.unified-automation.com/uagateway/1.5.8/html/administration_sec.html#sec_tagfile
The tagfile import format is described here (you can use editor of your choice e.g. Excel to create such file):
https://documentation.unified-automation.com/uagateway/1.5.8/html/tagfile_import_format.html
Best regards
Unified Automation Support Team

abhijit.bhopale
Full Member
Full Member
Posts: 6
Joined: 25 Sep 2021, 14:46

Re: UA Gateway - Aliases, Authorization

Post by abhijit.bhopale »

Thank you for the response.
1. We only have multiple OPC UA servers (not classic OPC). When I say user-friendly names that mean if the tag name in PLC's OPC UA server is ns=3;s=MPLC.MS.aiAS_WT_Up1_Dee_Tail then the new user-friendly name would be ns=3;s=SYS:AUX:TAIL:TEMPERATURE.
Looks like it is possible using "TagFile&Cahe" feature which will create a user-friendly tag in UaGateway address space and map to the PLC's OPC UA server (source) tag. Please correct me if I am wrong.
2. If the above point '1' is correct then does it make the UaGateway non-transparent as UaGateway has created a new OPC UA tag?

3. Does Base UaGateway (Transparent) provide any authorization feature without "TagFile&Cahe" feature? The use case is if the underlaying OPC UA server has None security and the server a tag is read/write but if a client connects through UaGateway then restrict the write access to the tag.

User avatar
Support Team
Hero Member
Hero Member
Posts: 3064
Joined: 18 Mar 2011, 15:09

Re: UA Gateway - Aliases, Authorization

Post by Support Team »

Hi,

ok understood, the only option you have is using the "Tagfile&Cache" Addon in addition to the "Base" feature of (transparent) pass through. Just to make you aware: in OPC UA there is (besides the NodeID) always a "DisplayName" on each node which might be more "user-friendly", but of course that depends on what the underlying UA Servers is providing as the DisplayName (might be just the same than in NodeID). Some embedded servers may use numeric or even GUID as NodeID (even less user-friendly), but have proper "DisplayName" for presentation.

1) yes correct, the TagFile&Cache is the right way to go. However, you should consider not to map "everything", but just the tags desperately needed. You can "reduce" to the really needed nodes.

2) yes correct, the UaGateway will create its own Node in the UaGateway-Addressspace "sym"-prefix. This symbolic named node will be connected to some real source node for it`s value attribute. In that sense you create a "copy" inside the UaGateway.

3) In the TagFile&Cache you can specify (for each Node) the R/W access. Additionally you can "hide" (not protect, just hide) the original node during browsing (only see TagFile-Nodes in UaGateway). However, if your client "knows" (by accident or by intention) the original Source-NodeID in the underlying server, it can access trough the UaGateway.
Best regards
Unified Automation Support Team

abhijit.bhopale
Full Member
Full Member
Posts: 6
Joined: 25 Sep 2021, 14:46

Re: UA Gateway - Aliases, Authorization

Post by abhijit.bhopale »

Hi, Thanks for the response. Tagfile&Cache feature allows us to create new OPC UA tags using configuration. Is it possible to create the tags programmatically using the OPC UA Node Management service?
Also, how can I evaluatTagfile&Cache features? Could not find an evaluation version of it.

User avatar
Support Team
Hero Member
Hero Member
Posts: 3064
Joined: 18 Mar 2011, 15:09

Re: UA Gateway - Aliases, Authorization

Post by Support Team »

Hi,

unfortunately no, the UaGateway (same like most other UAServers) does not support the Node Management Services.
The UaGateway reads all it's own configuation via file, for the Tagfile&Cache feature there is the CSV file format for import, and specially for large list of nodes and symbolic names, it is probably easier to create a tool for editing/manipulating CSV rather than using the management serives.
Best regards
Unified Automation Support Team

Post Reply