Mapp view HMI connected via OPC/UA with PLC - I want to know how to control OPC/UA variable from third party device access.
if we remove check mark from browse in OPC/UA file, it will not allow browse to another device but if someone is knowing variable name already then it is accessible. how to prevent that?
You need to set the wanted access rights for different roles in the OPC UA Default View Configuration. Role Everyone is used also for “Anonymous” user, so clients without authentication. If there are no roles set here, all nodes are visible for all users.
OPC UA Default View Configuration
The roles and users belonging to those roles are set in the user role system.
User Role System Configuration
Is it possible to add restriction based on number of clients?
Means allow only with machine HMI and restrict for other clients to browse and read/write.
The access rights of roles is independent of the clients accessing the server.
I’ve never tried on my own, but it should be possible to restrict the complete access to the OPC UA server:
- either by using authentication via TLS certificate (means: access to the OPC UA server is only granted with a dedicated client certificate - the client(s) who use this certificate can access the server, others can’t … more about certificates see here)
- or by using the PLC’s firewall, and grant access to the OPC UA server port only from dedicated IP addresses (see here)
Hello @VinMil
It looks like you got some good answers from Tommi Piiparinen and Alexander Hefner, and it has been a couple of weeks since the last activity on this post. If the answers helped you with your question, can you help the next person with the same question by marking the solution on the information which helped you the most. If you still have open questions on this topic, can you provide an update?
Thank you!
Due to about one month of inactivity, this post will be marked as solved. If you would still like assistance on this topic, please add a new reply with the latest status ![]()
TLS certification is available from which runtime & AS version.
Not that easy to answer, because since introduction of TLS there have been some major changes regarding versions, supported protocols, security and also evolvement of SSL / TLS itself.
In common, TLS was introduced in AR version around >= 4.26 (Automation Studio 4.2), but I’m not aware of the exact version number.
Also, I’m not aware if it was already TLS 1.2, or just TLS 1.0 - I just know, that TLS1.2 is the version in use up to the highest Automation Runtime / Studio version of version families 4.xy.
So from an IT security point of view, it’s also important to know that TLS 1.3 is just available with Automation Runtime / Studio 6.xy, and was introduced with AR >= 6.2.0, if I remember right.
Also important to know: not every PLC communication protocol was available with TLS at the same time/version of AR: OPC UA was supported first, FTPS and ANSL came later, also the possiblities of certificate handling via libraries were introduced later, and so on … that’s the reasons why I mentioned “not that easy to answer”, since the’re many dependencies to want you want to do exactly with TLS.