#include <accesscontrol.hpp>
Detailed Description
Access control base class.
Used to authenticate sessions and grant access rights accordingly. Custom access control can be implemented by deriving from this class and overwriting the access control callbacks.
If exceptions are thrown within the access control callbacks, they are caught in the C callbacks and will return the most restrictive access rights, e.g. AccessLevel::None in getUserAccessLevel or false in allowAddNode. The exception will be logged (warning level).
The sessionId can originally be both NULL in open62541. This is the case when, for example, a MonitoredItem (the underlying Subscription) is detached from its Session but continues to run. This wrapper passes session by reference, so it can't be NULL. Instead, a session with an empty sessionId will be passed.
Definition at line 34 of file accesscontrol.hpp.
Public Member Functions | |
| virtual Span< UserTokenPolicy > | getUserTokenPolicies ()=0 |
| virtual StatusCode | activateSession (Session &session, const EndpointDescription &endpointDescription, const ByteString &secureChannelRemoteCertificate, const ExtensionObject &userIdentityToken)=0 |
| virtual void | closeSession (Session &session)=0 |
| virtual Bitmask< WriteMask > | getUserRightsMask (Session &session, const NodeId &nodeId)=0 |
| virtual Bitmask< AccessLevel > | getUserAccessLevel (Session &session, const NodeId &nodeId)=0 |
| virtual bool | getUserExecutable (Session &session, const NodeId &methodId)=0 |
| virtual bool | getUserExecutableOnObject (Session &session, const NodeId &methodId, const NodeId &objectId)=0 |
| virtual bool | allowAddNode (Session &session, const AddNodesItem &item)=0 |
| virtual bool | allowAddReference (Session &session, const AddReferencesItem &item)=0 |
| virtual bool | allowDeleteNode (Session &session, const DeleteNodesItem &item)=0 |
| virtual bool | allowDeleteReference (Session &session, const DeleteReferencesItem &item)=0 |
| virtual bool | allowBrowseNode (Session &session, const NodeId &nodeId)=0 |
| virtual bool | allowTransferSubscription (Session &oldSession, Session &newSession)=0 |
| virtual bool | allowHistoryUpdate (Session &session, const NodeId &nodeId, PerformUpdateType performInsertReplace, const DataValue &value)=0 |
| virtual bool | allowHistoryDelete (Session &session, const NodeId &nodeId, DateTime startTimestamp, DateTime endTimestamp, bool isDeleteModified)=0 |
| UA_AccessControl | create (bool ownsAdapter) override |
 Public Member Functions inherited from opcua::PluginAdapter< UA_AccessControl > | |
| PluginAdapter ()=default | |
| PluginAdapter (const PluginAdapter &)=default | |
| PluginAdapter (PluginAdapter &&) noexcept=default | |
| virtual | ~PluginAdapter ()=default |
| PluginAdapter & | operator= (const PluginAdapter &)=default |
| PluginAdapter & | operator= (PluginAdapter &&) noexcept=default |
Additional Inherited Members | |
| Public Types inherited from opcua::PluginAdapter< UA_AccessControl > | |
| using | PluginType = UA_AccessControl |
Member Function Documentation
◆ activateSession()
|
pure virtual |
Authenticate a session.
The new session is rejected if a status code other than UA_STATUSCODE_GOOD is returned.
Implemented in opcua::AccessControlDefault.
◆ allowAddNode()
|
pure virtual |
Allow adding a node.
Implemented in opcua::AccessControlDefault.
◆ allowAddReference()
|
pure virtual |
Allow adding a reference.
Implemented in opcua::AccessControlDefault.
◆ allowBrowseNode()
|
pure virtual |
Allow browsing a node.
Implemented in opcua::AccessControlDefault.
◆ allowDeleteNode()
|
pure virtual |
Allow deleting a node.
Implemented in opcua::AccessControlDefault.
◆ allowDeleteReference()
|
pure virtual |
Allow deleting a reference.
Implemented in opcua::AccessControlDefault.
◆ allowHistoryDelete()
|
pure virtual |
Allow delete of historical data.
Implemented in opcua::AccessControlDefault.
◆ allowHistoryUpdate()
|
pure virtual |
Allow insert, replace, update of historical data.
Implemented in opcua::AccessControlDefault.
◆ allowTransferSubscription()
|
pure virtual |
Allow transfer of a subscription to another session.
Implemented in opcua::AccessControlDefault.
◆ closeSession()
|
pure virtual |
Deauthenticate a session and cleanup session context.
Implemented in opcua::AccessControlDefault.
◆ create()
|
overridevirtual |
Implements opcua::PluginAdapter< UA_AccessControl >.
◆ getUserAccessLevel()
|
pure virtual |
Additional access control for variable nodes.
Implemented in opcua::AccessControlDefault.
◆ getUserExecutable()
|
pure virtual |
Additional access control for method nodes.
Implemented in opcua::AccessControlDefault.
◆ getUserExecutableOnObject()
|
pure virtual |
Additional access control for calling a method node in the context of a specific object.
Implemented in opcua::AccessControlDefault.
◆ getUserRightsMask()
|
pure virtual |
Access control for all nodes.
Implemented in opcua::AccessControlDefault.
◆ getUserTokenPolicies()
|
pure virtual |
Get available user token policies.
If the securityPolicyUri is empty, the highest available security policy will be used to transfer user tokens.
- Note
- The returned span must be valid throughout the lifetime of the instance.
Implemented in opcua::AccessControlDefault.
