Search code examples
javaopc-uaopcmilo

How to set an access level to a method or a folder in milo server


I am new to opc ua, I started by using milo server example with java.
I now understand how to set an access level restriction for variables nodes using this code for example :

    node.getFilterChain().addLast(new RestrictedAccessFilter(identity -> {
        if ("admin".equals(identity)) {
            return AccessLevel.READ_WRITE;
        } else if ("guest".equals(identity)) {
            return AccessLevel.READ_ONLY;
        } else {
            return AccessLevel.NONE;
        }
    }));

However I did not managed to do the same for a folder and method nodes.
Similar code does not seem to do anything.

How can I restrict the visibility of some folders to some users ?
How can U restrict the usage of some methods to to some users ?


Solution

  • Restricting the usage of methods is done by intercepting the UserExecutable attribute and returning true/false based on the Session/Identity.

    Visibility of Nodes is a little trickier because there is no first class support for it in the 0.6.x version. You can implement the browse and getReferences methods in your AddressSpace so they look at the Session/Identity and decide what to do, but that's about it.

    The dev/1.0 branch has added support for Roles and Permissions, which does support this concept in a more first class manner, and if you have configured the Server with the appropriate Roles and your Node with the appropriate RolePermissions and UserRolePermissions attributes, the Server's browse implementation honors these.

    It's probably better to start a new discussion on GH than carry on a conversation here if you have further questions.