The new user role system in the B&R Automation Studio software development environment simplifies management of OPC UA access rights. This feature prevents unauthorized users from accessing an OPC UA system, modifying data or performing certain actions.
Any number of roles can be defined, which can then be assigned individual access rights for each node. Typical access rights include reading, writing or browsing. It is even possible to completely hide a node so that it is invisible to members of a specific role group. To make configuration even easier, the rights of a parent node can be inherited by its children.
A user is assigned one or more roles, with additional protection provided by an encrypted password. The user role system can also be updated during operation. This includes, for example, assigning a username and password to a new system operator. These functions are available directly in the application program on the controller using function blocks.
In order to ensure secure and trusted data exchange, digital certificates in accordance with the X.509 standard can be used in the OPC UA system. The Transport Layer Security (TLS) subsystem in Automation Studio and Automation Runtime support the management of these certificates. Certificates can be displayed, created and transferred to the certificate store on the OPC UA server.