Hello,

It has been nearly 2 years since this thread (https://forum.prosysopc.com/forum/opc-ua-java-sdk/about-roles/) became dormant. I just wanted to clarify a few things and see if anything has changed.

I am trying to implement an OPCUA server using the java SDK. I have a role based authentication mechanism in my application system, that I use to authorize user access to appropriate actions on particular nodes using the IoManagerListener and the NodeManagerListener.

However, I am facing the same issue as users above, of seeing the following attributes in OPC UA Browser in red:
– RolePermissions
– UserRolePermissions
– AccessRestrictions
– AccessLevel
– AccessLevelEx
with the value: Bad_AttributeIdInvalid (0x80350000) “The attribute is not supported for the specified Node.”

Questions:
1. How do I set (or rather inject visually) the values to the correct values for the user based on their access? What would these correct values be for the above fields for say a read and read/write?

2. In the example on another post, an example code was provided:
@Override
public boolean onReadNonValue(ServiceContext serviceContext, NodeId nodeId, UaNode node, UnsignedInteger attributeId,
DataValue dataValue) throws StatusException {
if (Attributes.UserRolePermissions.equals(attributeId)) {
dataValue.setValue(new Variant(new RolePermissionType[] {new RolePermissionType(roleNodeId, PermissionType.Browse)}));
dataValue.setStatusCode(StatusCode.GOOD);
return true;
}
return false;
}

Here, the RolePermissionType constructor takes a NodeId roleNodeId parameter. How do I get the RoleId for a particular OPCUA Role?

3. Maybe a more primitive question would be, how would I go about merging my application’s role system to the OPCUA Role system? As the protocol defines a set of well-known roles to be implemented by the server – https://reference.opcfoundation.org/Core/Part3/v104/docs/4.8.2#Table%202 , any thoughts on how to correspond these roles to roles in my application would be deeply appreciated.

4. The protocol specifies that if the server supports permissions (which my server does), we have to specify the ” property on the Namespace. https://reference.opcfoundation.org/Core/Part3/v104/docs/5.2.9#:~:text=If%20a%20Server%20supports%20Permissions%20for%20a%20particular%20Namespace%20it%20shall%20add%20the%20DefaultRolePermissions%20Property%20to%20the%20NamespaceMetadata%20Object%20for%20that%20Namespace
Is there a way to do this in the java SDK?

5. How do I manage roles in the UaServer? I see the nodes for roles in the OPC UA Browser (see attachment), but am unable to find any documentation on how to add/manage roles.
https://gcdnb.pbrd.co/images/Hlk0hDWnQmyz.png?o=1

Thank you so much!