Arp::System::Um::Commons Namespace Reference

Namespace for shared classes of the User Manager (UM) More...

Namespaces
namespace	Modules
	Namespace for interfaces of modules to be loaded the User Manager (UM)

Classes
class	IAuthenticationProvider
class	IAuthorizationProvider
	Interface to be implemented by an additional authorization provider, which is loaded from a user-provided module. Every loaded authorization provider further restricts the default access rights. More...
class	SessionInfo
	This class a SessionInfo instance with given role list More...

Enumerations
enum class	Operation : uint32 {   None = 0 , Browse = 1 , ReadRoleOperations = 2 , WriteAttribute = 4 ,   WriteRoleOperations = 8 , WriteHistorizing = 16 , ReadValue = 32 , WriteValue = 64 ,   ReadHistory = 128 , InsertHistory = 256 , ModifyHistory = 512 , DeleteHistory = 1024 ,   ReceiveEvents = 2048 , Call = 4096 , AddReference = 8192 , RemoveReference = 16384 ,   DeleteNode = 32768 , AddNode = 65536 , Login = 131072 }
	Allows to describe operations which are requested or allowed on objects. More...
enum class	UmAuthenticationResult {   None = 0 , Success = 1 , Failed = 2 , WrongPassword = 3 ,   PasswordExpired = 4 , PasswordAboutToExpire = 5 , UserLocked = 6 }

Functions
ARP_CXX_SYMBOL_EXPORT std::ostream &	operator<< (std::ostream &os, Operation value)
ARP_CXX_SYMBOL_EXPORT std::istream &	operator>> (std::istream &is, Operation &value)
constexpr Operation	operator& (Operation lhs, Operation rhs)
constexpr Operation	operator| (Operation lhs, Operation rhs)
constexpr Operation &	operator&= (Operation &lhs, Operation rhs)
constexpr Operation &	operator|= (Operation &lhs, Operation rhs)
constexpr Operation	operator~ (Operation arg)
ARP_CXX_SYMBOL_EXPORT std::ostream &	operator<< (std::ostream &os, UmAuthenticationResult value)
ARP_CXX_SYMBOL_EXPORT std::istream &	operator>> (std::istream &is, UmAuthenticationResult &value)

Detailed Description

Namespace for shared classes of the User Manager (UM)

Enumeration Type Documentation

Operation

enum class Arp::System::Um::Commons::Operation : uint32

strong

Allows to describe operations which are requested or allowed on objects.

Each flag describes a single operation. For different kinds of objects only specific operations make sense. This means the others are never granted for an object. An instance of this enum either describes all the operations which are possible / allowed on a paritcular object or set of objects or it describes a single operation which shall be tested whether it is allowed. The ability to express all possible operations in a single value is the reason for designing the enum values as flags. It allows to organize permissions efficiently in RAM.

According to the terminology of the core Role Based Access Control mechanism (RBAC) which was chosen for PLCnext technology a permission is a 2-tuple created from an object and an operation:

permission := { object, operation }

. The values of this enum are inspired by the upcoming OPC UA standard part for "User Authorization" whos number is not yet known. The draft 1.04.11 as of May 10th, 2016 was used. With that draft the terminology is different. There the term "permission" actually describes just an operation.

Whenever this enum is extended please first check carefully whether an existing name already describes the desired operation. This is the case if for the type of objects the name is not yet used and will likely not be used for anything different in the future than the desired operation. Please be economic with adding new flags because their number is limited.

See also

Arp.System.Um.Services.Internal.IAuthorizationService.SessionHasPermissionOnObject

Enumerator
None	No valid permission; default value by RSC-Service REQ
Browse	Following references from or to a specific object. With the Global Data Space (GDS) the operation relates to ports as objects. The operation means that port is visible from a dictionary lookup. Currently this is only meaningful for the built-in OPC UA server when it needs to check for a particular client session whether it is allowed to browse nodes which represent ports in the GDS or not.
ReadRoleOperations	Reserved for future use - see the OPC UA specification.
WriteAttribute	Reserved for future use - see the OPC UA specification.
WriteRoleOperations	Reserved for future use - see the OPC UA specification.
WriteHistorizing	Reserved for future use - see the OPC UA specification.
ReadValue	Reading values of objects. With the Global Data Space (GDS) the operation relates to ports as objects. The operation means that the current value of a port is read. Currently this is only meaningful for the built-in OPC UA server when it needs to check for a particular client session whether it is allowed to read the value attribute of a node which represents a port in the GDS.
WriteValue	Writing values of objects. With the Global Data Space (GDS) the operation relates to ports as objects. The operation means that the current value of a port is changed to another value. Currently this is only meaningful for the built-in OPC UA server when it needs to check for a particular client session whether it is allowed to change the value attribute of a node to a client provided value for a port in the GDS.
ReadHistory	Reserved for future use - see the OPC UA specification.
InsertHistory	Reserved for future use - see the OPC UA specification.
ModifyHistory	Reserved for future use - see the OPC UA specification.
DeleteHistory	Reserved for future use - see the OPC UA specification.
ReceiveEvents	Reserved for future use - see the OPC UA specification.
Call	Calling methods on objects. With the Remoting Service Call gateway (RSC-gateway) the operation relates to methods of Remoting services as objects. This is currently meaningful at the RSC-gateway itself: There the operation is used to describe whether for a particular Remoting client's session it is allowed to call a particular Remoting method of a particular service.
AddReference	Reserved for future use - see the OPC UA specification.
RemoveReference	Reserved for future use - see the OPC UA specification.
DeleteNode	Reserved for future use - see the OPC UA specification.
AddNode	Reserved for future use - see the OPC UA specification.
Login	Login operation for remoting client like ssh.