From 4bee42cef678e297e00c971fdcfa6539aff621bd Mon Sep 17 00:00:00 2001 From: Roman Ettlinger Date: Wed, 23 Oct 2024 16:57:42 +0200 Subject: [PATCH 1/2] ValidateRolePermissions for MIs montioring the Value of a Node --- Libraries/Opc.Ua.Server/Diagnostics/MonitoredNode.cs | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Libraries/Opc.Ua.Server/Diagnostics/MonitoredNode.cs b/Libraries/Opc.Ua.Server/Diagnostics/MonitoredNode.cs index 640052e78..6c4676904 100644 --- a/Libraries/Opc.Ua.Server/Diagnostics/MonitoredNode.cs +++ b/Libraries/Opc.Ua.Server/Diagnostics/MonitoredNode.cs @@ -294,6 +294,15 @@ public void OnMonitoredNodeChanged(ISystemContext context, NodeState node, NodeS if (monitoredItem.AttributeId == Attributes.Value && (changes & NodeStateChangeMasks.Value) != 0) { + // validate if the monitored item has the required role permissions to read the value + ServiceResult validationResult = NodeManager.ValidateRolePermissions(new OperationContext(monitoredItem), node.NodeId, PermissionType.Read); + + if (ServiceResult.IsBad(validationResult)) + { + // skip reading the value MonitoredItem without permissions + continue; + } + QueueValue(context, node, monitoredItem); continue; } From dfa4c9a122e84c13cfd1f6793f54db592f430547 Mon Sep 17 00:00:00 2001 From: Roman Ettlinger Date: Wed, 23 Oct 2024 17:47:11 +0200 Subject: [PATCH 2/2] fix typo --- Libraries/Opc.Ua.Server/Diagnostics/MonitoredNode.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Libraries/Opc.Ua.Server/Diagnostics/MonitoredNode.cs b/Libraries/Opc.Ua.Server/Diagnostics/MonitoredNode.cs index 6c4676904..53b451107 100644 --- a/Libraries/Opc.Ua.Server/Diagnostics/MonitoredNode.cs +++ b/Libraries/Opc.Ua.Server/Diagnostics/MonitoredNode.cs @@ -299,7 +299,7 @@ public void OnMonitoredNodeChanged(ISystemContext context, NodeState node, NodeS if (ServiceResult.IsBad(validationResult)) { - // skip reading the value MonitoredItem without permissions + // skip if the monitored item does not have permission to read continue; }