Access rights

The TwinCAT OPC UA Server enables the configuration of access rights for specific authenticated user identities. These access rights can be configured for entire namespaces as well as for individual nodes. This allows access both to ADS devices (e.g. to different PLC runtimes) and to individual symbols to be controlled with fine granularity.

These security settings are available for all Data-Access devices that can be represented in the server namespace.

This functionality is configured via the TwinCAT OPC UA Configurator. In the standalone version of the configurator, the corresponding configuration interface can be found under the Security tab.

Configuring access to namespaces

The configuration of user access to individual namespaces is always based on the configured user groups. You can manage the corresponding access rights for individual namespaces in the user group settings. Some groups come preconfigured and you can use their configuration parameters as a guide.

The following table provides an overview of the permissions that are defined for each of the user groups as they are delivered.

| User group | Description |
|---|---|
| Administrators | Predefined user group for server administrators. This user group has full access to all namespaces. |
| Guests | Predefined user group for guest users. This user group has limited access to the server and only to the default namespace "0" with the permissions ReadAttribute, ReadValue and Browse. |
| Users | Predefined user group for normal users. This user group has extended access rights to all namespaces, in particular full access to the namespace of the preconfigured Data Access device. |

Users who are added to a user group automatically inherit the corresponding permissions from that group.

Configuring access at the node level

The Node permissions tab can be used to configure extended and very fine-grained permissions at node level. Sub-elements can inherit the permissions. You can use the Target Browser to transfer nodes to be configured from the server to the configuration using drag and drop.

The individual permissions on the node can be linked to a configured user group.
