0008758: RolePermissions and AccesRestrictions missing in Nodeset

ID	Project	Category	View Status	Date Submitted	Last Update

0008758	NodeSets, XSDs and Generated Code	Feature Request	public	2023-03-24 18:06	2024-06-13 15:10

Reporter	Matthias Damm	Assigned To	Randy Armstrong
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	closed	Resolution	reopened
Product Version	1.05.02
Target Version	1.05.03 RC1	Fixed in Version	1.05.04 RC1

Summary	0008758: RolePermissions and AccesRestrictions missing in Nodeset
Description	The nodeset schema defines AccessRestrictions and RolePermissions in UANode. The specification defines roles (e.g. SecurityAdmin) or restrictions like encryption required for some instance nodes that are in the NS= nodeset. But these nodes do not have the restrictions and permissions set
Tags	No tags attached.

Commit Version	1.05.03
Fix Due Date	2023-11-15

related to	0009272	closed	Randy Armstrong	10000-003: Address Space	Clarification for permission flags for nodes
has duplicate	0007912	closed	Randy Armstrong	NodeSets, XSDs and Generated Code	UANodeSet is missing RolePermissions and AccessRestrictions
related to	0007307	closed	Matthias Damm	10000-004: Services	Handling of optional methods (variables) not implemented but imported from nodeset
related to	0009265	assigned	Randy Armstrong	10000-006: Mappings	RolePermissions and AccesRestrictions missing in Nodeset

Randy Armstrong 2023-05-12 06:45 administrator ~0019339	RolePermissions for well known nodes are now in the NodeSet.

Matthias Damm 2023-10-05 11:05 reporter ~0020094	I checked the nodeset provided with the 1.05.03 release candidate specification and the problem is only partially fixed for a few Method nodes. RolePermissions are still missing for a lot of nodes e.g. all of the Role and user management objects. AccessRestrictions are not contained at all. The nodes that have RolePermissions, are missing the permissions ReadRolePermissions and ReceiveEvents. The following permissions should be included for the 'normal' SecurityAdmin use cases. Browse ReadRolePermissions Read Write ReceiveEvents Call I will provide a file that contains RolePermissions and AccessRestrictions for the OPC UA namespace that we set in our SDKs.

Matthias Damm 2023-10-05 11:08 reporter ~0020095	Attached is a file that contains RolePermissions and AccessRestrictions for the OPC UA namespace that we set in our SDKs. I can easily modify the format if needed. permissionsofnamespace0.csv (21,484 bytes) BrowseName,Identifier,NodeClass,AccessRestrictions,Role1,Permission1,Role2,Permission2,Role...,Permission... SessionsDiagnosticsSummary_SessionSecurityDiagnosticsArray,3708,Variable,Signed Encrypted,Anonymous,1 B,ConfigureAdmin,6243 B RRP R W E C,SecurityAdmin,6243 B RRP R W E C Server_ServerConfiguration,12637,Object,,Anonymous,1 B,ConfigureAdmin,2083 B RRP R E,SecurityAdmin,6243 B RRP R W E C ServerConfiguration_SupportedPrivateKeyFormats,12639,Variable,,Anonymous,1 B,ConfigureAdmin,2083 B RRP R E,SecurityAdmin,6243 B RRP R W E C ServerConfiguration_MaxTrustListSize,12640,Variable,,Anonymous,1 B,ConfigureAdmin,2083 B RRP R E,SecurityAdmin,6243 B RRP R W E C DefaultApplicationGroup_TrustList,12642,Object,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_Size,12643,Variable,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_OpenCount,12646,Variable,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_Open,12647,Method,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_Close,12650,Method,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_Read,12652,Method,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_Write,12655,Method,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_GetPosition,12657,Method,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_SetPosition,12660,Method,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_LastUpdateTime,12662,Variable,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_OpenWithMasks,12663,Method,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_CloseAndUpdate,12666,Method,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_AddCertificate,12668,Method,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_RemoveCertificate,12670,Method,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C ServerConfiguration_CreateSigningRequest,12737,Method,,Anonymous,1 B,ConfigureAdmin,2083 B RRP R E,SecurityAdmin,6243 B RRP R W E C ServerConfiguration_ApplyChanges,12740,Method,,Anonymous,1 B,ConfigureAdmin,2083 B RRP R E,SecurityAdmin,6243 B RRP R W E C ServerConfiguration_GetRejectedList,12777,Method,,Anonymous,1 B,ConfigureAdmin,2083 B RRP R E,SecurityAdmin,6243 B RRP R W E C Server_RequestServerStateChange,12886,Method,Signed Encrypted,ConfigureAdmin,4099 B RRP C,SecurityAdmin,131071 B RRP WA WRP WH R W RH I MH DH E C AR RR DN AN ServerConfiguration_UpdateCertificate,13737,Method,,Anonymous,1 B,ConfigureAdmin,2083 B RRP R E,SecurityAdmin,6243 B RRP R W E C ServerConfiguration_CertificateGroups,14053,Object,,Anonymous,1 B,ConfigureAdmin,2083 B RRP R E,SecurityAdmin,6243 B RRP R W E C CertificateGroups_DefaultUserTokenGroup,14122,Object,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C DefaultUserTokenGroup_TrustList,14123,Object,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_Size,14124,Variable,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_Writable,14125,Variable,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_UserWritable,14126,Variable,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_OpenCount,14127,Variable,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_Open,14129,Method,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_Close,14132,Method,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_Read,14134,Method,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_Write,14137,Method,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_GetPosition,14139,Method,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_SetPosition,14142,Method,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_LastUpdateTime,14144,Variable,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_OpenWithMasks,14145,Method,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_CloseAndUpdate,14148,Method,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_AddCertificate,14151,Method,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_RemoveCertificate,14153,Method,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C DefaultUserTokenGroup_CertificateTypes,14155,Variable,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C CertificateGroups_DefaultApplicationGroup,14156,Object,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_Writable,14157,Variable,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C TrustList_UserWritable,14158,Variable,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C DefaultApplicationGroup_CertificateTypes,14161,Variable,Signed Encrypted,SecurityAdmin,6243 B RRP R W E C Server_PublishSubscribe,14443,Object,,ConfigureAdmin,6369 B R W RH E C,AuthenticatedUser,6305 B R RH E C,Anonymous,6305 B R RH E C PublishSubscribe_GetSecurityKeys,15215,Method,Signed Encrypted,Anonymous,6369 B R W RH E C,AuthenticatedUser,6369 B R W RH E C Anonymous_ApplicationsExclude,15412,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Anonymous_EndpointsExclude,15413,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C AuthenticatedUser_ApplicationsExclude,15414,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C AuthenticatedUser_EndpointsExclude,15415,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Observer_ApplicationsExclude,15416,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Observer_EndpointsExclude,15417,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Operator_ApplicationsExclude,15418,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Operator_EndpointsExclude,15423,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Engineer_ApplicationsExclude,15424,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Engineer_EndpointsExclude,15425,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Supervisor_ApplicationsExclude,15426,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Supervisor_EndpointsExclude,15427,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C ConfigureAdmin_ApplicationsExclude,15428,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C ConfigureAdmin_EndpointsExclude,15429,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityAdmin_ApplicationsExclude,15430,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityAdmin_EndpointsExclude,15527,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C AuthenticatedUser_AddIdentity,15660,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C AuthenticatedUser_RemoveIdentity,15662,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Observer_AddIdentity,15672,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Observer_RemoveIdentity,15674,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Operator_AddIdentity,15684,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Operator_RemoveIdentity,15686,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Supervisor_AddIdentity,15696,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Supervisor_RemoveIdentity,15698,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityAdmin_AddIdentity,15708,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityAdmin_RemoveIdentity,15710,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C ConfigureAdmin_AddIdentity,15720,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C ConfigureAdmin_RemoveIdentity,15722,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Engineer_AddIdentity,16041,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Engineer_RemoveIdentity,16043,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Anonymous_Identities,16192,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Anonymous_Applications,16193,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Anonymous_Endpoints,16194,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Anonymous_AddApplication,16195,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Anonymous_RemoveApplication,16197,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Anonymous_AddEndpoint,16199,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Anonymous_RemoveEndpoint,16201,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C AuthenticatedUser_Identities,16203,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C AuthenticatedUser_Applications,16204,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C AuthenticatedUser_Endpoints,16205,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C AuthenticatedUser_AddApplication,16206,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C AuthenticatedUser_RemoveApplication,16208,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C AuthenticatedUser_AddEndpoint,16210,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C AuthenticatedUser_RemoveEndpoint,16212,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Observer_Identities,16214,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Observer_Applications,16215,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Observer_Endpoints,16216,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Observer_AddApplication,16217,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Observer_RemoveApplication,16219,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Observer_AddEndpoint,16221,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Observer_RemoveEndpoint,16223,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Operator_Identities,16225,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Operator_Applications,16226,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Operator_Endpoints,16227,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Operator_AddApplication,16228,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Operator_RemoveApplication,16230,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Operator_AddEndpoint,16232,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Operator_RemoveEndpoint,16234,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Engineer_Identities,16236,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Engineer_Applications,16237,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Engineer_Endpoints,16238,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Engineer_AddApplication,16239,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Engineer_RemoveApplication,16241,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Engineer_AddEndpoint,16243,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Engineer_RemoveEndpoint,16245,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Supervisor_Identities,16247,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Supervisor_Applications,16248,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Supervisor_Endpoints,16249,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Supervisor_AddApplication,16250,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Supervisor_RemoveApplication,16252,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Supervisor_AddEndpoint,16254,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C Supervisor_RemoveEndpoint,16256,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityAdmin_Identities,16258,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityAdmin_Applications,16259,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityAdmin_Endpoints,16260,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityAdmin_AddApplication,16261,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityAdmin_RemoveApplication,16263,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityAdmin_AddEndpoint,16265,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityAdmin_RemoveEndpoint,16267,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C ConfigureAdmin_Identities,16269,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C ConfigureAdmin_Applications,16270,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C ConfigureAdmin_Endpoints,16271,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C ConfigureAdmin_AddApplication,16272,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C ConfigureAdmin_RemoveApplication,16274,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C ConfigureAdmin_AddEndpoint,16276,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C ConfigureAdmin_RemoveEndpoint,16278,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C RoleSet_AddRole,16301,Method,Signed,Anonymous,1 B,ConfigureAdmin,3 B RRP,SecurityAdmin,6243 B RRP R W E C RoleSet_RemoveRole,16304,Method,Signed,Anonymous,1 B,ConfigureAdmin,3 B RRP,SecurityAdmin,6243 B RRP R W E C PublishSubscribe_SetSecurityKeys,17364,Method,Signed Encrypted,SecurityKeyServerPush,6369 B R W RH E C PublishSubscribe_AddConnection,17366,Method,,ConfigureAdmin,6369 B R W RH E C,AuthenticatedUser,2209 B R RH E,Anonymous,2209 B R RH E PublishSubscribe_RemoveConnection,17369,Method,,ConfigureAdmin,6369 B R W RH E C,AuthenticatedUser,2209 B R RH E,Anonymous,2209 B R RH E PublishSubscribe_PublishedDataSets,17371,Object,,ConfigureAdmin,6369 B R W RH E C,AuthenticatedUser,2209 B R RH E,Anonymous,2209 B R RH E PublishSubscribe_Status,17405,Object,,ConfigureAdmin,6369 B R W RH E C,AuthenticatedUser,2209 B R RH E,Anonymous,2209 B R RH E PublishSubscribe_SubscribedDataSets,23658,Object,,ConfigureAdmin,6369 B R W RH E C,AuthenticatedUser,2209 B R RH E,Anonymous,2209 B R RH E PublishSubscribe_DataSetClasses,23685,Object,,ConfigureAdmin,6369 B R W RH E C,AuthenticatedUser,2209 B R RH E,Anonymous,2209 B R RH E UserManagement_PasswordRestrictions,24291,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,35 B RRP R UserManagement_Users,24301,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,35 B RRP R UserManagement_PasswordLength,24302,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,35 B RRP R UserManagement_PasswordOptions,24303,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,35 B RRP R UserManagement_AddUser,24304,Method,Signed Encrypted,ConfigureAdmin,3 B RRP,SecurityAdmin,4099 B RRP C UserManagement_ModifyUser,24306,Method,Signed Encrypted,ConfigureAdmin,3 B RRP,SecurityAdmin,4099 B RRP C UserManagement_RemoveUser,24308,Method,Signed Encrypted,ConfigureAdmin,3 B RRP,SecurityAdmin,4099 B RRP C UserManagement_ChangePassword,24310,Method,Signed Encrypted,AuthenticatedUser,4097 B C,SecurityAdmin,4099 B RRP C PublishSubscribe_PubSubConfiguration,25451,Object,,ConfigureAdmin,6369 B R W RH E C,AuthenticatedUser,6305 B R RH E C,Anonymous,6305 B R RH E C PubSubConfiguration_ReserveIds,25474,Method,,ConfigureAdmin,6369 B R W RH E C,AuthenticatedUser,2209 B R RH E,Anonymous,2209 B R RH E PubSubConfiguration_CloseAndUpdate,25477,Method,,ConfigureAdmin,6369 B R W RH E C,AuthenticatedUser,2209 B R RH E,Anonymous,2209 B R RH E SecurityKeyServerAdmin_Identities,25566,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerAdmin_ApplicationsExclude,25567,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerAdmin_Applications,25568,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerAdmin_EndpointsExclude,25569,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerAdmin_Endpoints,25570,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerAdmin_AddIdentity,25572,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerAdmin_RemoveIdentity,25574,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerAdmin_AddApplication,25576,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerAdmin_RemoveApplication,25578,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerAdmin_AddEndpoint,25580,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerAdmin_RemoveEndpoint,25582,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerPush_Identities,25585,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerPush_ApplicationsExclude,25586,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerPush_Applications,25587,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerPush_EndpointsExclude,25588,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerPush_Endpoints,25589,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerPush_AddIdentity,25591,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerPush_RemoveIdentity,25593,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerPush_AddApplication,25595,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerPush_RemoveApplication,25597,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerPush_AddEndpoint,25599,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerPush_RemoveEndpoint,25601,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerAccess_Identities,25604,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerAccess_ApplicationsExclude,25605,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerAccess_Applications,25606,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerAccess_EndpointsExclude,25607,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerAccess_Endpoints,25608,Variable,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerAccess_AddIdentity,25610,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerAccess_RemoveIdentity,25612,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerAccess_AddApplication,25614,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerAccess_RemoveApplication,25616,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerAccess_AddEndpoint,25618,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C SecurityKeyServerAccess_RemoveEndpoint,25620,Method,Signed Encrypted,ConfigureAdmin,35 B RRP R,SecurityAdmin,6243 B RRP R W E C permissionsofnamespace0.csv (21,484 bytes)

Randy Armstrong 2023-11-14 16:35 administrator ~0020358	Update Part 6 to indicate that RolePermissions propogate to children but in the AddressSpace RolePermissions only affect the Node they are attached to (i.e. implementors must copy the permissions to all child nodes).

Matthias Damm 2023-11-15 08:27 reporter ~0020361	This breaking change in Part 6 makes no sense. (1) The UANodeset is a dump format and we tried to avoid any logic other than ommited default values (2) It is not always valid to simply copy the permissions to all child nodes (e.g. if it is intentional to use the namespace default permissions for the children). This is a task modeling tools or nodeset generators need to do with the known logic or user interaction. This is nothing a importer should guess or implement logic for.

Randy Armstrong 2023-11-16 02:36 administrator ~0020362	Reviewed an updated permissions on all nodes. Created an automatically generated CSV that allows for permissions to be reviewed more easily. Permissions are set on each node even though the source file specifies the permissions on types/parents. Added this to the specification: When a UANodeSet is the normative definition for the Nodes defined by a specification then the RolePermissions are the minimum requirements. Implementors may add additional Roles that have privileges equivalent to the Roles specified, however, they may not make the Node more accessible. For example, Anonymous or AuthenticatedUser Roles shall not be granted more access to the Node than is specified in this field. Similarly, the AccessRestrictions are the minimum required. For example, a Node that has the EncryptionRequired AccessRestriction specified shall not have that restriction removed, however, additional restrictions may be added by the implementor

Jim Luth 2024-06-13 15:10 administrator ~0021354	Agreed to changes in virtual F2F.

Date Modified	Username	Field	Change
2023-03-24 18:06	Matthias Damm	New Issue
2023-03-24 18:06	Matthias Damm	Status	new => assigned
2023-03-24 18:06	Matthias Damm	Assigned To	=> Randy Armstrong
2023-03-24 18:06	Matthias Damm	Relationship added	related to 0007307
2023-05-12 06:45	Randy Armstrong	Status	assigned => resolved
2023-05-12 06:45	Randy Armstrong	Resolution	open => fixed
2023-05-12 06:45	Randy Armstrong	Note Added: 0019339
2023-10-05 11:05	Matthias Damm	Status	resolved => feedback
2023-10-05 11:05	Matthias Damm	Resolution	fixed => reopened
2023-10-05 11:05	Matthias Damm	Note Added: 0020094
2023-10-05 11:08	Matthias Damm	Note Added: 0020095
2023-10-05 11:08	Matthias Damm	File Added: permissionsofnamespace0.csv
2023-10-05 11:08	Matthias Damm	Status	feedback => assigned
2023-11-07 16:12	Jim Luth	Commit Version	=> 1.05.03
2023-11-07 16:12	Jim Luth	Fix Due Date	=> 2023-11-15
2023-11-14 16:35	Randy Armstrong	Note Added: 0020358
2023-11-14 16:36	Randy Armstrong	Issue cloned: 0009265
2023-11-15 08:27	Matthias Damm	Note Added: 0020361
2023-11-16 02:36	Randy Armstrong	Status	assigned => resolved
2023-11-16 02:36	Randy Armstrong	Note Added: 0020362
2023-11-16 03:03	Randy Armstrong	Relationship added	has duplicate 0007912
2023-11-28 17:10	Randy Armstrong	Relationship added	related to 0009272
2024-06-12 14:19	Randy Armstrong	Relationship added	related to 0009265
2024-06-13 15:10	Jim Luth	Status	resolved => closed
2024-06-13 15:10	Jim Luth	Fixed in Version	=> 1.05.04 RC1
2024-06-13 15:10	Jim Luth	Note Added: 0021354

View Issue Details

Relationships

Activities

Issue History