This issue heavily relates to (and depends on) https://mantis.opcfoundation.org/view.php?id=9879.

Depending on what method resolution process is actually applied by the "Call" service there is an empty spot regarding which RolePermissions are to be applied.

RolePermissions are specified to be associated with nodes. Therefore having identical methods in an object hierarchy basically means that we can assign different RolePermissions for each level. Consider the example from issue 0009879:

• "SuperFooType" -hasComponent-> "DoSomething" (i=111) - RolePerms111
• "FooType" -hasComponent-> "DoSomething" (i=222) - RolePerms222
• "Foo" -hasComponent-> "DoSomething" (i=333) - RolePerms333

If we realise the "Call" service naively, there would be different permissions applied depending on what method node is actually provided to the "Call" service:

• Calling i=111 on "Foo" would check RolePerms111
• Calling i=222 on "Foo" would check RolePerms222
• Calling i=333 on "Foo" would check RolePerms333

My feeling is that this is really bad. It is definitely better if only the permission set of that method node is applied that is directly associated with the calling context node:

• Calling i=111 on "Foo" would check RolePerms333
• Calling i=222 on "Foo" would check RolePerms333
• Calling i=333 on "Foo" would check RolePerms333

A description of what to actually do in this case is nowhere to be found in the spec (at least not anywhere I looked at).