Files
lmxopcua/src/Core/ZB.MOM.WW.OtOpcUa.Core.Abstractions/OpcUaOperation.cs
T
Joseph Doherty 9cad9ed0fc
v2-ci / build (push) Failing after 41s
v2-ci / unit-tests (tests/Core/ZB.MOM.WW.OtOpcUa.Cluster.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.ControlPlane.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.Runtime.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.Security.Tests) (push) Has been skipped
v2-ci / integration (tests/Server/ZB.MOM.WW.OtOpcUa.Host.IntegrationTests) (push) Has been skipped
v2-ci / integration (tests/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer.IntegrationTests) (push) Has been skipped
docs(xmldoc): fill missing XML docs + strip tracking-ID comments across src
Adds <summary>/<param>/<returns>/<inheritdoc> where missing and removes
project bookkeeping IDs (task/tracking refs) from shipped code comments,
so the docs read cleanly and CommentChecker is quiet except for known
false positives (PLC/protocol terms, event/IEqualityComparer inheritdoc).
Doc/comment-only; no logic changed; solution builds clean.
2026-07-07 12:38:39 -04:00

60 lines
2.4 KiB
C#

namespace ZB.MOM.WW.OtOpcUa.Core.Abstractions;
/// <summary>
/// Every OPC UA operation surface the Phase 6.2 authorization evaluator gates, per
/// <c>docs/v2/implementation/phase-6-2-authorization-runtime.md</c> §Stream C.
/// The evaluator maps each operation onto the corresponding
/// <c>NodePermissions</c> bit(s) to decide whether the calling session is allowed.
/// </summary>
/// <remarks>
/// Write is split out into <see cref="WriteOperate"/> / <see cref="WriteTune"/> /
/// <see cref="WriteConfigure"/> because the underlying driver-reported
/// <see cref="SecurityClassification"/> already carries that distinction — the
/// evaluator maps the requested tag's security class to the matching operation value
/// before checking the permission bit.
/// </remarks>
public enum OpcUaOperation
{
/// <summary>
/// <c>Browse</c> + <c>TranslateBrowsePathsToNodeIds</c>. Ancestor visibility implied
/// when any descendant has a grant; denied ancestors filter from browse results.
/// </summary>
Browse,
/// <summary><c>Read</c> on a variable node.</summary>
Read,
/// <summary><c>Write</c> when the target has <see cref="SecurityClassification.Operate"/> / <see cref="SecurityClassification.FreeAccess"/>.</summary>
WriteOperate,
/// <summary><c>Write</c> when the target has <see cref="SecurityClassification.Tune"/>.</summary>
WriteTune,
/// <summary><c>Write</c> when the target has <see cref="SecurityClassification.Configure"/>.</summary>
WriteConfigure,
/// <summary><c>HistoryRead</c> — uses its own <c>NodePermissions.HistoryRead</c> bit; Read alone is NOT sufficient (decision in Phase 6.2 Compliance).</summary>
HistoryRead,
/// <summary><c>HistoryUpdate</c> — annotation / insert / delete on historian.</summary>
HistoryUpdate,
/// <summary><c>CreateMonitoredItems</c>. Per-item denial in mixed-authorization batches.</summary>
CreateMonitoredItems,
/// <summary><c>TransferSubscriptions</c>. Re-evaluates transferred items against current auth state.</summary>
TransferSubscriptions,
/// <summary><c>Call</c> on a Method node.</summary>
Call,
/// <summary>Alarm <c>Acknowledge</c>.</summary>
AlarmAcknowledge,
/// <summary>Alarm <c>Confirm</c>.</summary>
AlarmConfirm,
/// <summary>Alarm <c>Shelve</c> / <c>Unshelve</c>.</summary>
AlarmShelve,
}