Access Configuration
The access control configuration is performed in a configuration file, stored in the file system of the CompactCom. The file is named “opcua.cfg” and has the following default content:
[Access] administrator operator user:r,b
This configuration can be changed by creating an opcua.cfg file in the file system root. Set the Anybus CompactCom in admin mode in the Ethernet Host Object (F9) to expose the file system root on WebDAV.
Each line of the Access section configures an access rule with the following format:
<role>:<access rights>:<namespace index>
Fields that have specified default behavior can be omitted.
Field | Description |
|---|---|
Role | Name of a role. Must be present in the user database. |
Access rights | Comma separated list with access rights. Possible access rights are: r – Gives read access of the value attribute of variable nodes w – Gives write access of the value attribute of variable nodes b – Gives browse access of nodes x – Execute method nodes No specified access rights implies full access |
Namespace index | Namespace index of the namespace to apply the access rights on. No specified namespace implies all namespaces. |
Some examples on how the access rules can be formatted:
Example | |
|---|---|
operator | The role operator gets full access to all namespaces |
operator:b | The role operator gets browse access to all namespaces |
operator:b:0 | The role operator gets browse access to namespace 0 |
operator::0 | The role operator gets full access to namespace 0 |
operator:r,b operator:w,x:4 | The role operator gets read and browse access to all namespaces and write and execute access to namespace 4 |
operator:r,w,b operator:r:4 | The role operator gets read, write and browse access to all namespaces (the second access rule does not affect the access in this case) |