"Security User Access Control Base" Profile

 Description A Server that supports this profile supports restricting some level of access to some Nodes in the AddressSpace based on the validated user.
 URI http://opcfoundation.org/UA-Profile/Security/UserAccessBase

This page lists the conformance units of the selected profile with their name and description.
Conformance units that are inherited via included Profiles are not listed by default. Use the following radio buttons to change this default behaviour.






Address Space Model
Include  Name Opt.  Description  From Profile
Address Space User Access Level Base Implements User Access Level Security for Variable nodes, this includes at least two users in the system. This includes an indication of read, write, historical read and Historical write access to the value attribute  

Security
Include  Name Opt.  Description  From Profile
Security User Name Password The Server supports User Name/Password combination(s). The token will be encrypted if required by the security policy of the User Token Policy or by the security policy of the endpoint. An unencrypted token either requires message encryption or means outside the scope of OPC UA to secure the identity token so that it cannot be retrieved by sniffing the communication. One option would be a secure transport like a VPN.  
Security User X509 The Server supports a public/private key pair for user identity. The administrator shall be able to enable or disable the use of this feature including all validation steps which are defined for application instance certificates.  
Security User IssuedToken Kerberos The Server supports a Kerberos Server token for User Identity. The use of this feature must be able to be enabled or disabled by an Administrator. The use of this token is defined in Kerberos Token Documentation.
The token will be encrypted if required by the security policy of the User Token Policy or by the security policy of the endpoint. An unencrypted token either requires message encryption or means outside the scope of OPC UA to secure the identity token so that it cannot be retrieved by sniffing the communication. One option would be a secure transport like a VPN.
 
Security User IssuedToken Kerberos Windows The Server supports the Windows implementation of Kerberos Tokens. This ConformanceUnit only applies if the "Security User IssuedToken Kerberos" is supported.
The token will be encrypted if required by the security policy of the User Token Policy or by the security policy of the endpoint. An unencrypted token either requires message encryption or means outside the scope of OPC UA to secure the identity token so that it cannot be retrieved by sniffing the communication. One option would be a secure transport like a VPN.