#include <accesscontrol_default.hpp>

Inheritance diagram for opcua::AccessControlDefault:

Detailed Description

Default access control.

This class implements the same logic as UA_AccessControl_default(). The log-in can be anonymous or username-password. A logged-in user has all access rights.

Warning: Use less permissive access control in production!

Examples: server_accesscontrol.cpp.

Definition at line 24 of file accesscontrol_default.hpp.

Public Member Functions
	AccessControlDefault (bool allowAnonymous=true, std::vector< Login > logins={})

Span< UserTokenPolicy >	getUserTokenPolicies () override

StatusCode	activateSession (Session &session, const EndpointDescription &endpointDescription, const ByteString &secureChannelRemoteCertificate, const ExtensionObject &userIdentityToken) override

void	closeSession (Session &session) override

Bitmask< WriteMask >	getUserRightsMask (Session &session, const NodeId &nodeId) override

Bitmask< AccessLevel >	getUserAccessLevel (Session &session, const NodeId &nodeId) override

bool	getUserExecutable (Session &session, const NodeId &methodId) override

bool	getUserExecutableOnObject (Session &session, const NodeId &methodId, const NodeId &objectId) override

bool	allowAddNode (Session &session, const AddNodesItem &item) override

bool	allowAddReference (Session &session, const AddReferencesItem &item) override

bool	allowDeleteNode (Session &session, const DeleteNodesItem &item) override

bool	allowDeleteReference (Session &session, const DeleteReferencesItem &item) override

bool	allowBrowseNode (Session &session, const NodeId &nodeId) override

bool	allowTransferSubscription (Session &oldSession, Session &newSession) override

bool	allowHistoryUpdate (Session &session, const NodeId &nodeId, PerformUpdateType performInsertReplace, const DataValue &value) override

bool	allowHistoryDelete (Session &session, const NodeId &nodeId, DateTime startTimestamp, DateTime endTimestamp, bool isDeleteModified) override

Public Member Functions inherited from opcua::AccessControlBase
UA_AccessControl	create (bool ownsAdapter) override

Public Member Functions inherited from opcua::PluginAdapter< UA_AccessControl >
	PluginAdapter ()=default

	PluginAdapter (const PluginAdapter &)=default

	PluginAdapter (PluginAdapter &&) noexcept=default

virtual	~PluginAdapter ()=default

PluginAdapter &	operator= (const PluginAdapter &)=default

PluginAdapter &	operator= (PluginAdapter &&) noexcept=default

Additional Inherited Members
Public Types inherited from opcua::PluginAdapter< UA_AccessControl >
using	PluginType

Constructor & Destructor Documentation

◆ AccessControlDefault()

opcua::AccessControlDefault::AccessControlDefault	(	bool	allowAnonymous = true,
		std::vector< Login >	logins = {} )

explicit

Member Function Documentation

◆ getUserTokenPolicies()

Span< UserTokenPolicy > opcua::AccessControlDefault::getUserTokenPolicies ( )

overridevirtual

Get available user token policies.

If the securityPolicyUri is empty, the highest available security policy will be used to transfer user tokens.

Note: The returned span must be valid throughout the lifetime of the instance.

Implements opcua::AccessControlBase.

◆ activateSession()

StatusCode opcua::AccessControlDefault::activateSession	(	Session &	session,
		const EndpointDescription &	endpointDescription,
		const ByteString &	secureChannelRemoteCertificate,
		const ExtensionObject &	userIdentityToken )

overridevirtual

Authenticate a session.

The new session is rejected if a status code other than UA_STATUSCODE_GOOD is returned.

Implements opcua::AccessControlBase.

◆ closeSession()

void opcua::AccessControlDefault::closeSession ( Session & session )

overridevirtual

Deauthenticate a session and cleanup session context.

Implements opcua::AccessControlBase.

◆ getUserRightsMask()

Bitmask< WriteMask > opcua::AccessControlDefault::getUserRightsMask	(	Session &	session,
		const NodeId &	nodeId )

overridevirtual

Access control for all nodes.

Implements opcua::AccessControlBase.

◆ getUserAccessLevel()

Bitmask< AccessLevel > opcua::AccessControlDefault::getUserAccessLevel	(	Session &	session,
		const NodeId &	nodeId )

overridevirtual

Additional access control for variable nodes.

Implements opcua::AccessControlBase.

◆ getUserExecutable()

bool opcua::AccessControlDefault::getUserExecutable	(	Session &	session,
		const NodeId &	methodId )

overridevirtual

Additional access control for method nodes.

Implements opcua::AccessControlBase.

◆ getUserExecutableOnObject()

bool opcua::AccessControlDefault::getUserExecutableOnObject	(	Session &	session,
		const NodeId &	methodId,
		const NodeId &	objectId )

overridevirtual

Additional access control for calling a method node in the context of a specific object.

Implements opcua::AccessControlBase.

◆ allowAddNode()

bool opcua::AccessControlDefault::allowAddNode	(	Session &	session,
		const AddNodesItem &	item )

overridevirtual

Allow adding a node.

Implements opcua::AccessControlBase.

◆ allowAddReference()

bool opcua::AccessControlDefault::allowAddReference	(	Session &	session,
		const AddReferencesItem &	item )

overridevirtual

Allow adding a reference.

Implements opcua::AccessControlBase.

◆ allowDeleteNode()

bool opcua::AccessControlDefault::allowDeleteNode	(	Session &	session,
		const DeleteNodesItem &	item )

overridevirtual

Allow deleting a node.

Implements opcua::AccessControlBase.

◆ allowDeleteReference()

bool opcua::AccessControlDefault::allowDeleteReference	(	Session &	session,
		const DeleteReferencesItem &	item )

overridevirtual

Allow deleting a reference.

Implements opcua::AccessControlBase.

◆ allowBrowseNode()

bool opcua::AccessControlDefault::allowBrowseNode	(	Session &	session,
		const NodeId &	nodeId )

overridevirtual

Allow browsing a node.

Implements opcua::AccessControlBase.

◆ allowTransferSubscription()

bool opcua::AccessControlDefault::allowTransferSubscription	(	Session &	oldSession,
		Session &	newSession )

overridevirtual

Allow transfer of a subscription to another session.

Implements opcua::AccessControlBase.

◆ allowHistoryUpdate()

bool opcua::AccessControlDefault::allowHistoryUpdate	(	Session &	session,
		const NodeId &	nodeId,
		PerformUpdateType	performInsertReplace,
		const DataValue &	value )

overridevirtual

Allow insert, replace, update of historical data.

Implements opcua::AccessControlBase.

◆ allowHistoryDelete()

bool opcua::AccessControlDefault::allowHistoryDelete	(	Session &	session,
		const NodeId &	nodeId,
		DateTime	startTimestamp,
		DateTime	endTimestamp,
		bool	isDeleteModified )

overridevirtual

Allow delete of historical data.

Implements opcua::AccessControlBase.

Detailed Description

Public Member Functions

Additional Inherited Members

Constructor & Destructor Documentation

◆ AccessControlDefault()

Member Function Documentation

◆ getUserTokenPolicies()

◆ activateSession()

◆ closeSession()

◆ getUserRightsMask()

◆ getUserAccessLevel()

◆ getUserExecutable()

◆ getUserExecutableOnObject()

◆ allowAddNode()

◆ allowAddReference()

◆ allowDeleteNode()

◆ allowDeleteReference()

◆ allowBrowseNode()

◆ allowTransferSubscription()

◆ allowHistoryUpdate()

◆ allowHistoryDelete()