0007764: Should it be allowed to remove user that is the user of the current session

ID	Project	Category	View Status	Date Submitted	Last Update

0007764	10000-018: Role-Based Security	Spec	public	2022-02-22 20:41	2022-03-11 14:57

Reporter	Matthias Damm	Assigned To	Matthias Damm
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	closed	Resolution	fixed
Product Version	1.05.01
Target Version	1.05.02 RC1	Fixed in Version	1.05.02 RC1

Summary	0007764: Should it be allowed to remove user that is the user of the current session
Description	UserManagementType::RemoveUser can be called by an authorized administrator. What happens if the user is removed that is used for the session that calls RemoveUser? I think this should not be allowed and the Method should return an error like BadInvalidSelfReference in this case.
Tags	No tags attached.

Commit Version
Fix Due Date

Matthias Damm 2022-03-10 08:43 developer ~0016289	Added clarification: If the user of the Session used to call the Method is to be removed, the Method shall fail with Bad_InvalidSelfReference. And Method result: Bad_InvalidSelfReference The user to remove is used by the Session used to call the Method. Fixed in: OPC 10000-18 - UA Specification Part 18 - Role-Based Security 1.05.02 Draft1.docx

Jim Luth 2022-03-11 14:57 administrator ~0016345	Agreed to changes in Virtual F2F. Label as Errata.

Date Modified	Username	Field	Change
2022-02-22 20:41	Matthias Damm	New Issue
2022-02-22 20:47	Matthias Damm	Description Updated
2022-03-10 08:43	Matthias Damm	Assigned To	=> Matthias Damm
2022-03-10 08:43	Matthias Damm	Status	new => resolved
2022-03-10 08:43	Matthias Damm	Resolution	open => fixed
2022-03-10 08:43	Matthias Damm	Note Added: 0016289
2022-03-11 14:57	Jim Luth	Status	resolved => closed
2022-03-11 14:57	Jim Luth	Fixed in Version	=> 1.05.02 RC1
2022-03-11 14:57	Jim Luth	Note Added: 0016345