Push Management - Object shall only be visible and accessible to administrators | OPC UA Standard | Forum

Avatar
Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
Lost password?
sp_Feed sp_PrintTopic sp_TopicIcon
Push Management - Object shall only be visible and accessible to administrators
Avatar
Martin Lang
Germany
Member
Members
Forum Posts: 63
Member Since:
06/25/2014
sp_UserOfflineSmall Offline
1
06/22/2022 - 08:37
sp_Permalink sp_Print

Part 12 defines:

If a Server supports Push Management it is required to support an information model as part
of its address space. It shall support the ServerConfiguration Object shown in Figure 15. This
Object shall only be visible and accessible to administrators and/or the GDS.

What does "only be visible/accessible" mean in detail?

My assumption:

Accessible - only administrator and/or the GDS can read/write/executable nodes below the ServerConfiguration node.

Visible - only administrator and/or the GDS shall "see" the HasComponent-reference from the ServerObject to the ServerConfiguration object? So the ServerConfiguration node are not shown and a browse on the ServerConfiguration node shall also not possible for non-administrator?

Avatar
Randy Armstrong
Admin
Forum Posts: 1011
Member Since:
05/30/2017
sp_UserOfflineSmall Offline
2
06/22/2022 - 12:52
sp_Permalink sp_Print

From 1.05.2 Draft:

This Object and its immediate children shall be visible (i.e. browse access is available) to users who can access the Server Object. The children of the CertificateGroups Object shall only be visible to Clients with access to the SecurityAdmin Role

Avatar
Martin Lang
Germany
Member
Members
Forum Posts: 63
Member Since:
06/25/2014
sp_UserOfflineSmall Offline
3
06/22/2022 - 23:46
sp_Permalink sp_Print

to users who can access the Server Object

Are there use cases where a client can not use GetMonitoredItems method, ServerCapabilities or e.g. NamespaceArray?

Imho every client shall be able to access the ServerObject.

The children of the CertificateGroups Object shall only be visible to Clients with access to the SecurityAdmin Role

Same question came up.

A Guest client browses ServerConfiguration node and retrieve no reference to the CertificateGroup and the SecAdmin client get this reference by browsing the ServerConfiguration?

Avatar
Randy Armstrong
Admin
Forum Posts: 1011
Member Since:
05/30/2017
sp_UserOfflineSmall Offline
4
06/23/2022 - 16:19
sp_Permalink sp_Print

Imho every client shall be able to access the ServerObject.

Servers don't have to allow anonymous access. Any Client that can create a Session can access the Server Object.

All of the Nodes of the ServerConfiguration Object have well-known NodeIds so hiding the Nodes does not actually hide anything.

OTOH, the contents of the CertificateGroups folder change from Server to Server so hiding those Nodes does keep sensitive information hidden.

Forum Timezone: America/Phoenix
Most Users Ever Online: 202
Currently Online:
Guest(s) 7
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Forum Stats:
Groups: 2
Forums: 10
Topics: 1093
Posts: 3537