Hi Team,
We are getting below error in our client when we are doing transfer of subscription.
Transfer of subscription 13991986 on OPC server /Source/local (1fb47dw8-395e-4573-b7e7-a32406a36964) failed: Bad_UserAccessDenied (0x801F0000) "User does not have permission to perform the requested operation..
We are using anonymous user while requesting the service.
Could you please help me to change the configuration at server or something else.
Thanks.
User does not have permission to perform request operation
Moderator: uasdkhpc
-
- Jr. Member
- Posts: 1
- Joined: 08 May 2020, 21:24
Re: User does not have permission to perform request operation
I'm getting the same error. I transfer of subscriptions not allowed for anonymous users?
- Support Team
- Hero Member
- Posts: 3078
- Joined: 18 Mar 2011, 15:09
Re: User does not have permission to perform request operation
Hi,
when transfering subscription, how do you ensure that it is not "hijacked" by someone else?
There must be some kind of identification mechanizm to make sure the subscription in transfered to the same identity that has owned it before. Otherways that would be some major security flaw, don't you think?
You might say it may not be generally forbidden for "anonymous" user, but at least the same application should ask for the transfer. This could be ensured by running over secured endpoint having an identified application. However, transfer subscription of anonymous user running a "none" SecurityProfile should not be allowed whatsoever, and the server should return "Bad_UserAccessDenied", which it does.
when transfering subscription, how do you ensure that it is not "hijacked" by someone else?
There must be some kind of identification mechanizm to make sure the subscription in transfered to the same identity that has owned it before. Otherways that would be some major security flaw, don't you think?
You might say it may not be generally forbidden for "anonymous" user, but at least the same application should ask for the transfer. This could be ensured by running over secured endpoint having an identified application. However, transfer subscription of anonymous user running a "none" SecurityProfile should not be allowed whatsoever, and the server should return "Bad_UserAccessDenied", which it does.
Best regards
Unified Automation Support Team
Unified Automation Support Team