The Xentara OPC UA Server v1.2
User Manual
The OPC UA Foundation defines multiple security policies, whose profiles are listed in SecurityPolicy ClientServer. A client can choose any one of the supported security policies to establish a secure channel to the server. By default, the Xentara OPC UA server uses the security policy None only to provide the discovery service.
The Xentara OPC UA server supports the following security policies:
Security Policy | Profile URI | Application |
---|---|---|
None | http://opcfoundation.org/UA/SecurityPolicy#None | By default, only for discovery |
Basic256Sha256 | http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256 | Secure channel establishment |
Aes128-Sha256-RsaOaep | http://opcfoundation.org/UA/SecurityPolicy#Aes128_Sha256_RsaOaep | Secure channel establishment |
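
A client should never fall back to None when it opens a session. The following added example (not part of the Xentara documentation or code) selects a session endpoint from a discovery result using only the two secure policies in the table above. The `Endpoint` class, the function name, the host name and the security level values are assumptions made for illustration; the fields mirror the OPC UA EndpointDescription.

```python
from dataclasses import dataclass

POLICY_BASE = "http://opcfoundation.org/UA/SecurityPolicy#"
# Policies the table above lists for secure channel establishment.
SESSION_POLICIES = {
    POLICY_BASE + "Basic256Sha256",
    POLICY_BASE + "Aes128_Sha256_RsaOaep",
}
# MessageSecurityMode values from the OPC UA specification.
MODE_NONE, MODE_SIGN, MODE_SIGN_AND_ENCRYPT = 1, 2, 3


@dataclass(frozen=True)
class Endpoint:  # hypothetical stand-in for an OPC UA EndpointDescription
    url: str
    policy_uri: str
    mode: int
    security_level: int  # server-assigned ranking, higher is stronger


def select_session_endpoint(endpoints):
    """Pick the endpoint to open a session on, never falling back to None."""
    usable = [
        ep for ep in endpoints
        if ep.policy_uri in SESSION_POLICIES
        and ep.mode in (MODE_SIGN, MODE_SIGN_AND_ENCRYPT)
    ]
    if not usable:
        # Only None (or unknown policies) offered: refuse instead of downgrading.
        raise ValueError("no endpoint with a supported secure policy")
    # Prefer encryption over signing only, then the server's own ranking.
    return max(usable, key=lambda ep: (ep.mode, ep.security_level))


# Constructed sample of a discovery (GetEndpoints) result; host is a placeholder.
URL = "opc.tcp://xentara.example:4840"
SAMPLE = [
    Endpoint(URL, POLICY_BASE + "None", MODE_NONE, 0),
    Endpoint(URL, POLICY_BASE + "Basic256Sha256", MODE_SIGN, 1),
    Endpoint(URL, POLICY_BASE + "Basic256Sha256", MODE_SIGN_AND_ENCRYPT, 2),
    Endpoint(URL, POLICY_BASE + "Aes128_Sha256_RsaOaep", MODE_SIGN_AND_ENCRYPT, 3),
]

if __name__ == "__main__":
    chosen = select_session_endpoint(SAMPLE)
    print(chosen.policy_uri, chosen.mode)
```
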
The Xentara OPC UA server supports both Username/Password Authentication and Certificate-Based Authentication. Details and requirements about Xentara authentication mechanisms can be found in Authentication. OPC UA clients follow the requirements explained in OPC UA User Authentication to authenticate against the Xentara OPC UA server.
An authenticated user is authorized for the roles configured by Xentara access control lists and can access the resources exposed by the server accordingly. A user with the read entitlement can read the values of the server's address space nodes, and a user with the write entitlement can write them if they are writable. Also note that only users with the OPCUAServer.connect entitlement are able to connect to the server.
The OPC UA server instance defines a custom entitlement in addition to the Xentara built-in entitlements to control connect access by users. All users have this entitlement by default unless it is explicitly denied by ACLs.