11/22/2018
Hi,
While working with an OPC UA exploit test (claroty/opcua-exploit-framework) we encountered an issue related to writing to the AccessLevel attribute of a node.
In the specification Part 3, version V1.04, the AccessLevel is defined as a mandatory attribute of type AccessLevelType:
“The AccessLevel Attribute is used to indicate how the Value of a Variable can be accessed (read/write) and if it contains current and/or historic data. The AccessLevel does not take any user access rights into account, i.e. although the Variable is writable this may be restricted to a certain user / user group.”
We have a node that is read-only and set the value of its AccessLevel attribute to 1, i.e., only bit 1 CurrentRead is set. When a user now attempts to write 3, meaning both the CurrentRead and CurrentWrite bits are set, to this attribute, would this request then be rejected with BadWriteNotSupported? Is it also OK in this case if we instead reply with status code BadUserAccessDenied?
Thanks so much in advance!
05/30/2017
BadWriteNotSupported if writes are never allowed.
BadUserAccessDenied if only the current Session is prohibited (not just user since you could have, as an example, a server that only allows writes when a user is connected from a configuration application running on the same host).
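The distinction drawn in the reply above, sketched as server-side handling of a Write to the AccessLevel attribute. This is an added example, not part of the original thread and not code from any OPC UA stack; `Node.access_level_writable`, `Session.may_configure` and `write_access_level` are hypothetical names, and the status code values are the ones from the OPC UA status code table.

```python
from dataclasses import dataclass
from enum import IntFlag

# Status codes named in the thread.
GOOD = 0x00000000
BAD_USER_ACCESS_DENIED = 0x801F0000
BAD_WRITE_NOT_SUPPORTED = 0x80730000


class AccessLevel(IntFlag):
    CURRENT_READ = 0x01   # value 1, as set on the node in the question
    CURRENT_WRITE = 0x02  # value 3 = CURRENT_READ | CURRENT_WRITE


@dataclass
class Node:
    access_level: AccessLevel
    # Hypothetical server setting: may any client ever write AccessLevel?
    access_level_writable: bool = False


@dataclass
class Session:
    # Hypothetical per-session policy, e.g. a configuration application
    # connected from the same host as the server.
    may_configure: bool = False


def write_access_level(node: Node, session: Session, value: int) -> int:
    """Return the status code for a Write to the AccessLevel attribute."""
    if not node.access_level_writable:
        # Writes are never allowed, whoever asks.
        return BAD_WRITE_NOT_SUPPORTED
    if not session.may_configure:
        # Writes exist in principle, but this Session is prohibited.
        return BAD_USER_ACCESS_DENIED
    node.access_level = AccessLevel(value)
    return GOOD


if __name__ == "__main__":
    # Constructed scenario from the question: read-only node, client writes 3.
    node = Node(AccessLevel.CURRENT_READ)
    status = write_access_level(node, Session(), 3)
    print(f"status=0x{status:08X} access_level={int(node.access_level)}")
```

In both rejection paths the stored AccessLevel is left untouched, which is the property a test against the server should confirm by reading the attribute back after the failed write.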