User Documentation

ManualsBrandsWeidmueller ManualsAutomation & SoftwareUC20-SL2000-EC Currently only available in combination with Runtime-License (2638920000).

Table Of Contents

Table of contents
1 Introduction
- 1.1 Purpose of the document
- 1.2 Requirements
- 1.3 Intended use
- 1.4 Notes on this document
  - 1.4.1 Contents of the document
  - 1.4.2 Not contained in this document
- 1.5 Further documentation
- 1.6 Relevant countries and registrations
2 Safety instructions
- 2.1 Representation
- 2.2 General safety information
- 2.3 Personnel safety
- 2.4 Safety instructions for projecting
3 System overview
- 3.1 Hardware architecture
- 3.2 Software structure
- 3.3 Network design
- 3.4 u-control - CPU modules
- 3.5 Buses
- 3.6 u-create studio Toolsuite
- 3.7 Libraries and interfaces
4 Operating behavior
- 4.1 Start-up
5 Software installation
- 5.1 Install firmware of the control
6 Configuration
- 6.1 Data exchange between control and visualization
7 Program development
- 7.1 Task priorities
- 7.2 Fast control
- 7.3 Device Service
8 Licensing
- 8.1 Trial license
  - 8.1.1 Activation of a trial license (single user license)
  - 8.1.2 Activation of a trial license (runtime license)
- 8.2 Activating a single-user license (software on the PC)
- 8.3 Activating a runtime license (software on the device)
- 8.4 License status and license overview
- 8.5 Device replacement
  - 8.5.1 PC replacement (single-user license)
  - 8.5.2 Device replacement (runtime license)
- 8.6 Reset the license information
9 Device Administration (DevAdmin)
- 9.1 Tab "Diag."
- 9.2 Tab "Config."
- 9.3 Tab "Backup/Restore"
- 9.4 Tab "Plugins"
  - 9.4.1 Add plugin to DevAdmin
- 9.5 Change password for DevAdmin
10 Software units
- 10.1 Creating a software unit
- 10.2 Example meta.xml
11 OPC UA Server
- 11.1 Overview of variants
- 11.2 Establishing a connection
- 11.3 Server configuration
- 11.4 Generic variable tree
- 11.5 Creating an information model
- 11.6 Logging of server operation
12 Node-RED
13 LongtermDiagnosticMonitor
- 13.1 Monitor
14 Data recorder
- 14.1 Configuration
- 14.2 Data recording
- 14.3 Reading out the buffer
- 14.4 Recording callback from the application
- 14.5 Data locality and real-time
- 14.6 Size limitations
- 14.7 Appendix: C interface
15 Diagnostics
- 15.1 Control diagnosis
  - 15.1.1 Error codes
- 15.2 Diagnosis data for Weidmüller
  - 15.2.1 Status report
  - 15.2.2 Access to flash storage medium
- 15.3 USB via Ethernet adapter
16 Maintenance
- 16.1 Executing a firmware update of the system components
  - 16.1.1 Firmware-Update for devices
  - 16.1.2 Automatic update during boot-up
17 Technical data
18 Directives and standards
19 Appendix: Tutorial - creating an IEC project
- 19.1 Creating a new project
- 19.2 Creating a simple program
- 19.3 Saving u-create studio project
- 19.4 Load firmware onto device
- 19.5 Configuration of the control
- 19.6 Compiling project and uploading onto control
- 19.7 Starting the project
20 Appendix: Addressing in the Ethernet (basics)
21 Appendix: Tutorial FoE
22 Appendix: Tutorial - call C function from IEC
- 22.1 Preconditions and needed components
- 22.2 Task
- 22.3 Creating the C function and download
- 22.4 Calling the IEC funtion in the IEC application and download
Index

OPC UA Server

System manual

2696790000/02/04.2020

</Instances>

</OpcUAInformationModel>

Role-based authorization model

The OPC UA Server supports the assignment of access rights for users

based on user roles. These access rights only apply to the nodes defined in

the XML file and when the client logs on with a user name and password. An

anonymous client has full access to all nodes.

In the user administration, users and roles must be created and one or more

roles assigned to the users. The role names in XML must match the names

in the user administration. When an OPC UA client connects to the server,

the server accesses the user administration to read the authentication data

and roles of the client. Authorizations are assigned to the created roles in

XML. These rights only apply to the nodes instantiated by the XML. If rights

for roles have already been assigned in the user administration, these are

not considered by the OPC UA Server. Before each request, the OPC UA

Server checks whether the roles of the user meet the requirements for ac-

cess rights.

If access to values of variable nodes is desired, the access permissions set

for the respective variable node (AccessLevel attribute) are also checked

beforehand. If, for example, the value of a variable node is not writable, the

client cannot execute a write command, even if the authorizations are given

based on the role assignment.

Global rights

Before variables and objects can be instantiated (XML Instances entry),

roles and authorizations must be assigned globally. The permissions are de-

fined as bitmasks and correspond to access type (PermissionType), de-

fined in the OPC UA specification, Part 3.

With a terminating zero, a role name can only be a maximum of 128 charac-

ters long. A maximum of 30 different roles are supported. The authorizations

are interpreted as hexadecimal numbers. The prefix "0x" is optional. Upper

and lower case of the hex number (0xAABB or 0xaabb) is not taken into ac-

count.

Example

The following code extract shows the definition of 2 roles with rights. The

role "Observer" can run through the tree and only has read access to the in-

stanced nodes. The "Operator" role can also write.

<RolePermission RoleName="Observer" Permissions="0x21"/> <!-- Bit 0 -

Browse, Bit 5 - Read -->

<RolePermission RoleName="Operator" Permissions="0x61"/> <!-- Bit 0 -

Browse, Bit 5 - Read, Bit 6 - Write -->

</DefaultRolePermissions>

A user without roles or with roles that were not defined globally in XML only

has access to the standard address space of OPC UA and the variable tree.

The same applies if no global role has been defined in XML. If a user has

several roles, all the rights of the roles are taken into account.