Write Node Value with AccessLevel CurrentRead

[JayDalton]

Type of Issue
[ ] Bug [ ] Enhancement [ ] Compliance [x] Question [x] Help wanted

Describe the Issue

Hello,
i am using this library in an C++/CLI environment for both, custom server and client application.
Referencing to a closed question from 2019 [#850] i am wondering why i could not write to a variable with UserAccessLevel =CurrentRead. Following the instructions, i can not get success.

To Reproduce
Steps to reproduce the behavior:

So i tried the example in "SampleApplications/Workshop/UserAuthentication" and set some Breakpoints.
I connected me [windows credentials] with an custom client successfully and try to write a new value. I hit the EventHandler "OnReadUserAccessLevel" and raise my AccessLevel. But for some reason, i never hit the EventHandler "OnWriteValue".

Expected behavior
I expected to hit the EventHandler "OnWriteValue" or something else the make my request happend. But it fails to write a new value with message: BadUserAccessDenied.

Is this the right approach for writing values with reduced AccessLevel?
Do I have more opportunities?

Environment (please complete the following information):

• OS: [e.g. Windows 10]
• Development environment: [e.g. Visual Studio 2019 16.8.6]
• Runtime: [e.g. .NET 4.6.2]
• OPC Package Release Version [e.g. 1.4.365.023]
• Component: [e.g. Ua.Quickstart]
• Server: [e.g. Reference Server]
• Client: [e.g. Custom Client]

In C++/CLI I have

• NodeManager inherited from Opc::Ua::Server::CustomNodeManager2
• CustomServer inherited from Opc::Ua::Server::ReverseConnectServer
• ServerApplication with AppConfig etc...

The big goal is to freely access the information model [read/write] from server side where as clients have reduced access defined by UserAccessLevel. Is it necessary to have an session on server side to access?

Thanks in advance!

[AlinMoldovean]

Hi @JayDalton ,

It seems that your Write operation is rejected at ValidateRequest()

 // reject all writes if no user provided.
                if (context.UserIdentity.TokenType == UserTokenType.Anonymous)
                {
                    // construct translation object with default text.
                    TranslationInfo info = new TranslationInfo(
                        "NoWriteAllowed",
                        "en-US",
                        "Must provide a valid windows user before calling write.");

                    // create an exception with a vendor defined sub-code.
                    throw new ServiceResultException(new ServiceResult(
                        StatusCodes.BadUserAccessDenied,
                        "NoWriteAllowed",
                        Namespaces.UserAuthentication,
                        new LocalizedText(info)));
                }

[JayDalton]

At this it kick's me out. Because there is no difference in AccessLevel handling between different users.

So for now I do a tricky thing: Like in the "Quickstart Applications" Demo for "Boiler Server", when creating the information model, i keep the handles of my created variables in a separate Dictionary an write the values "under the hood" without library machanics.

then I write to value by handle

is this a good way to do?

[AlinMoldovean]

Hello @JayDalton ,

The WriteValueAttribute() should also check if the OnReadUserAccessLevel handler is implemented and use the returned value.
The same for ReadValueAttribute().

I will make a fix for this.

[AlinMoldovean]

@JayDalton,

Can you test if the fix from #1413 solves the problem?