Hey OPC UA community,
we are developing an OPC UA server. We want to provide our customers access to some nodes for free but for more detailed information we want only grant access if the customer have a license. The licensing on its own is not the problem but how to deal with the licensed nodes.
We already investigated some ideas but we are not sure which one is the prefered approach respectively if there is a more suitable solution.
One of our ideas was to use the AccessLevel attribute for each property.
Another approach we thought of is not to add the node when there is no license. In this case we would have the problematic to define the node as optional in the informationmodel and we are in doubt if this is a good solution.
Does OPC UA provide any mechanisms or best practise for this use case?
Thanks in advance.
You want to create Roles an use RolePermissions to control access to nodes:
Thanks for your fast answer!
We need a solution which works server side only. As I understand in the "Role-Based Security" specification the node access is handled based on information a client provides. Unfortunately this is not an option because the OPC UA Server get the license information from an internal system.
What about the AccessLevel?
Do you have another suggestion?
You need to know what customer is connecting to enforce any restrictions.
You can lookup the license info and then use the license info to assign roles.
There is no requirement that the mapping from user identities to roles only use the mapping structures in the spec.
These mappings structures can be ignored or can be used in addition to the mappings provided by your internal mechanisms.