How to control PLC OPC/UA variable from third party access

Mapp view HMI connected via OPC/UA with PLC - I want to know how to control OPC/UA variable from third party device access.
if we remove check mark from browse in OPC/UA file, it will not allow browse to another device but if someone is knowing variable name already then it is accessible. how to prevent that?

You need to set the wanted access rights for different roles in the OPC UA Default View Configuration. Role Everyone is used also for “Anonymous” user, so clients without authentication. If there are no roles set here, all nodes are visible for all users.
OPC UA Default View Configuration

The roles and users belonging to those roles are set in the user role system.
User Role System Configuration

Is it possible to add restriction based on number of clients?
Means allow only with machine HMI and restrict for other clients to browse and read/write.

The access rights of roles is independent of the clients accessing the server.

I’ve never tried on my own, but it should be possible to restrict the complete access to the OPC UA server:

  • either by using authentication via TLS certificate (means: access to the OPC UA server is only granted with a dedicated client certificate - the client(s) who use this certificate can access the server, others can’t … more about certificates see here)
  • or by using the PLC’s firewall, and grant access to the OPC UA server port only from dedicated IP addresses (see here)

Hello @VinMil

It looks like you got some good answers from Tommi Piiparinen and Alexander Hefner, and it has been a couple of weeks since the last activity on this post. If the answers helped you with your question, can you help the next person with the same question by marking the solution on the information which helped you the most. If you still have open questions on this topic, can you provide an update?

Thank you!