namespace ZB.MOM.WW.OtOpcUa.Core.Abstractions; ///

/// Every OPC UA operation surface the Phase 6.2 authorization evaluator gates, per /// docs/v2/implementation/phase-6-2-authorization-runtime.md §Stream C and /// decision #143. The evaluator maps each operation onto the corresponding /// NodePermissions bit(s) to decide whether the calling session is allowed. ///

/// /// Write is split out into / / /// because the underlying driver-reported /// already carries that distinction — the /// evaluator maps the requested tag's security class to the matching operation value /// before checking the permission bit. /// public enum OpcUaOperation { ///

/// Browse + TranslateBrowsePathsToNodeIds. Ancestor visibility implied /// when any descendant has a grant; denied ancestors filter from browse results. ///

Browse, ///

Read on a variable node.

Read, ///

Write when the target has / .

WriteOperate, ///

Write when the target has .

WriteTune, ///

Write when the target has .

WriteConfigure, ///

HistoryRead — uses its own NodePermissions.HistoryRead bit; Read alone is NOT sufficient (decision in Phase 6.2 Compliance).

HistoryRead, ///

HistoryUpdate — annotation / insert / delete on historian.

HistoryUpdate, ///

CreateMonitoredItems. Per-item denial in mixed-authorization batches.

CreateMonitoredItems, ///

TransferSubscriptions. Re-evaluates transferred items against current auth state.

TransferSubscriptions, ///

Call on a Method node.

Call, ///

Alarm Acknowledge.

AlarmAcknowledge, ///

Alarm Confirm.

AlarmConfirm, ///

Alarm Shelve / Unshelve.

AlarmShelve, }