Role configuration schema

Questions regarding the use of the .NET SDK 2.0 for Server or Client development or integration into customer products ...

Moderator: uasdknet

Post Reply
Matchless6846
Full Member
Full Member
Posts: 8
Joined: 09 Jul 2024, 02:44

Role configuration schema

Post by Matchless6846 »

Dear Support Team,

We are following the documentation to download the Role configuration schema:
RoleConfigurationsFilePath Specifies the file path for the role configurations file.
The specified file must be valid for the schema http://unifiedautomation.com/schemas/RoleConfigurations.xsd.
Since we noticed that the link is not accessible, we kindly request that the Support Team provide a valid alternative link or guide us on how to properly obtain the latest Role configuration template. Thank you!
Top
User avatar
Support Team
Hero Member
Hero Member
Posts: 3269
Joined: 18 Mar 2011, 15:09

Re: Role configuration schema

Post by Support Team »

Hi,

The schema files used by the SDK are shipped with the installer.
They can be found in the folder "configurationschema".
Best regards
Unified Automation Support Team
Top
Matchless6846
Full Member
Full Member
Posts: 8
Joined: 09 Jul 2024, 02:44

Re: Role configuration schema

Post by Matchless6846 »

Support Team wrote:
05 Dec 2024, 09:25
 Hi,

The schema files used by the SDK are shipped with the installer.
They can be found in the folder "configurationschema".
Dear Support Team,

We have located the schema file and created a role configurations XML based on it. However, upon attempting to start the server with this XML, we encountered errors indicating "BadUserAccessDenied" for all properties when a client tries to read the RoleSet. We are uncertain if the configuration we've written is at fault.

Our initial goal was to resolve the issue where reading the RoleSet would result in a "BadUserAccessDenied" error for the RolePermissions property in the absence of role configurations. Now, however, all attributes are returning this error.

Could you please provide guidance on what might be causing these issues? Are there specific entries or settings within the role configurations XML that need to be verified or adjusted to ensure proper access permissions are granted?

Thank you for your assistance. Please find our current role configurations XML content:

Code: Select all

<?xml version="1.0" encoding="utf-8"?>
<RoleConfigurations xmlns="http://unifiedautomation.com/schemas/RoleConfigurations.xsd"
                    EnableOnlineConfiguration="true"
                    MaxRoles="200"
                    MaxIdentitiesPerRole="500"
                    MaxApplicationsPerRole="200"
                    MaxEndpointsPerRole="200">
    <NamespaceTable>
        <Uri>http://opcfoundation.org/Quickstarts/ReferenceServer</Uri>
        <Uri>http://test.org/UA/Data/</Uri>
        <Uri>http://test.org/UA/Data/Instance</Uri>
        <Uri>http://opcfoundation.org/UA/Boiler/</Uri>
        <Uri>http://opcfoundation.org/UA/Boiler/Instance</Uri>
        <Uri>http://test.org/UA/Alarms/</Uri>
        <Uri>http://test.org/UA/Alarms/Instance</Uri>
        <Uri>http://opcfoundation.org/UA/Diagnostics</Uri>
        <Uri>http://samples.org/UA/MemoryBuffer</Uri>
        <Uri>http://samples.org/UA/MemoryBuffer/Instance</Uri>
    </NamespaceTable>
    <Roles>
        <Role Name="Anonymous" NodeId="i=15644"
              IgnorePermissions="true"
              CustomConfiguration="false"
              EndpointsMode="Ignore"
              ApplicationsMode="Ignore"
              DisableOnlineConfiguration="false">
        </Role>
        <Role Name="AuthenticatedUser" NodeId="i=15656"
              IgnorePermissions="true"
              CustomConfiguration="false"
              EndpointsMode="Ignore"
              ApplicationsMode="Ignore"
              DisableOnlineConfiguration="false">
        </Role>
        <Role Name="Operator" NodeId="i=15680"
              IgnorePermissions="true"
              CustomConfiguration="false"
              EndpointsMode="Ignore"
              ApplicationsMode="Ignore"
              DisableOnlineConfiguration="false">
        </Role>
    </Roles>
</RoleConfigurations>
Top
User avatar
Support Team
Hero Member
Hero Member
Posts: 3269
Joined: 18 Mar 2011, 15:09

Re: Role configuration schema

Post by Support Team »

Hi,

Normally the RolePermission attribute can only be read by clients having the Role SecurityAdmin assigned. So you need to add the client to the SecurityAdmin role. Please see the role configuration file of the DemoServer or the Lesson 09 of the Server Getting Started example.

Please have a look at the documentation of Lesson 09. You can see here how to configure the application to use the role configuration file.
https://documentation.unified-automation.com/uasdknet/4.1.0/html/L3ServerTutGSLess09.html

Some additional hints for the role configuration file.
* You should only configure the NamespaceUris used for the Role nodes. I.e. the NamespaceTable should only have the entry "<Uri>http://opcfoundation.org/UA/</Uri>" when using only roles defined by the OPC Foundation / SDK.
* The role configuration file will look more clear when omitting the attributes have the default values.
Best regards
Unified Automation Support Team
Top
Post Reply

Return to “.NET based OPC UA SDK”