Tags: c#, opc-ua, unified-automation-sdk

How to add role permissions to a node in OPCFoundation OPCUA


I'm trying to add specific role permissions for specific users to a particular node. To do this I use this code:

/// <summary>
/// Builds a scalar <see cref="BaseDataVariableState"/> under <paramref name="parentNode"/>,
/// registers it through <c>AddPredefinedNode</c> when <c>opcUaServer</c> is set, and returns it.
/// </summary>
/// <param name="requestedNodeId">NodeId assigned to the new variable.</param>
/// <param name="requestedDataType">NodeId of the data type assigned to the new variable.</param>
/// <param name="requestedBrowseName">Used as the symbolic name, browse name and display name.</param>
/// <param name="parentNode">Parent passed to the variable's constructor.</param>
/// <param name="x">Not read anywhere in this method.</param>
/// <returns>The variable, whether or not it was registered.</returns>
/// <remarks>
/// NOTE(review): AccessLevel and UserAccessLevel are both set to CurrentReadOrWrite, the same
/// static value for every caller. Any per-user restriction therefore has to come from the
/// RolePermissions list or from handlers on the node; confirm that the server actually
/// evaluates RolePermissions against the roles granted to the session.
/// </remarks>
private BaseDataVariableState createThing(NodeId requestedNodeId, NodeId requestedDataType, string requestedBrowseName, BaseObjectState parentNode, bool x)
        {
            // WriteMask and UserWriteMask carry the same two attribute bits.
            AttributeWriteMask editableAttributes = AttributeWriteMask.DisplayName | AttributeWriteMask.Description;

            // Properties are assigned in the same order as the original sequential statements.
            var node = new BaseDataVariableState(parentNode)
            {
                SymbolicName = requestedBrowseName,
                ReferenceTypeId = ReferenceTypes.Organizes,
                TypeDefinitionId = VariableTypeIds.BaseDataVariableType,
                NodeId = requestedNodeId,
                BrowseName = new QualifiedName(requestedBrowseName),
                DisplayName = new LocalizedText(requestedBrowseName),
                WriteMask = editableAttributes,
                UserWriteMask = editableAttributes,
                DataType = requestedDataType,
                ValueRank = ValueRanks.Scalar,
                AccessLevel = AccessLevels.CurrentReadOrWrite,
                UserAccessLevel = AccessLevels.CurrentReadOrWrite,
                Historizing = true,
                Value = 0,
                StatusCode = StatusCodes.Good,
                Timestamp = DateTime.UtcNow,
                RolePermissions = addPredefinedRolePermissions()
            };

            // Registration is skipped when no server instance is available.
            bool serverAvailable = opcUaServer != null;
            if (serverAvailable)
            {
                AddPredefinedNode(SystemContext, node);
            }

            // Report success only if the node can be found again in the address space.
            bool nodeIsVisible = FindNodeInAddressSpace(node.NodeId) != null;
            if (nodeIsVisible)
            {
                Console.WriteLine("Node succesfully created with NiD: " + node.NodeId);
            }

            return node;
        }


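/// <summary>
/// Builds the role-permission list that is assigned to a node's RolePermissions attribute.
/// </summary>
/// <returns>
/// A collection with one entry each for the Observer, Anonymous and Supervisor well-known roles.
/// </returns>
/// <remarks>
/// The entries must be added to the returned collection. Building the entries and then
/// returning the collection without adding them yields an empty list, so no role restriction
/// reaches the node.
/// NOTE(review): a populated list only takes effect if the server evaluates RolePermissions
/// against the roles granted to each session identity; confirm this for the SDK version and
/// identity mapping in use.
/// </remarks>
private RolePermissionTypeCollection addPredefinedRolePermissions()
        {
            // Observer: explicitly granted nothing.
            var limbo = new RolePermissionType
            {
                Permissions = (uint)PermissionType.None,
                RoleId = Opc.Ua.ObjectIds.WellKnownRole_Observer
            };

            // NOTE(review): the Anonymous role is granted Write here. If that role is what
            // unauthenticated sessions receive, they will be able to modify the node once the
            // list is enforced; confirm this is intended.
            var user = new RolePermissionType
            {
                Permissions = (uint)(PermissionType.Browse | PermissionType.Read | PermissionType.ReadRolePermissions |
                                     PermissionType.Write),
                RoleId = Opc.Ua.ObjectIds.WellKnownRole_Anonymous
            };

            // Supervisor: the widest set of the three entries.
            var god = new RolePermissionType
            {
                Permissions = (uint)(PermissionType.Browse | PermissionType.Read | PermissionType.ReadRolePermissions |
                                     PermissionType.Write | PermissionType.Call | PermissionType.ReadHistory | PermissionType.ReceiveEvents),
                RoleId = Opc.Ua.ObjectIds.WellKnownRole_Supervisor
            };

            // Fix: the entries were previously created but never added to the collection.
            RolePermissionTypeCollection listPermissions = new RolePermissionTypeCollection();
            listPermissions.Add(limbo);
            listPermissions.Add(user);
            listPermissions.Add(god);
            return listPermissions;
        }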

Then, I connect to all three usernames/connection types using separate instances of UAExpert. However, the role permissions I have set don't have any impact and all three instances of UAExpert can perform the same operations on the node. What am I doing wrong?

Cheers


Solution

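  • For anyone this might help, I found a solution: manually attach handlers to the specific operations you want to restrict. For example, if node x should be readable only by user a and not by user b, attach a read handler that checks the caller. A handler attached to reads restricts reads only; writes and any other operation that should be limited each need their own check.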

    x.onreadvalue = checkPermissions; 
    
    checkPermissions{
     if(user == b){
     return baduser} 
     else{
     return value}}