Profiles and ns

I have following questions about OPCUA tags in Ignition:

  1. How are user profiles and access rights translated to in Ignition OPC server?
  2. how many namespaces are supported in the Ignition OPC server.

Will appreciate your reply.

User profiles don’t have anything to do with the OPC-UA server.

As far as access rights go - when exposing Ignition tags via the OPC-UA server, the tag’s configured access level is honored.

There are currently three namespaces used in the server:
0 - reserved for nodes defined by the OPC foundation.
1 - nodes belonging to the server, including the device folder and all nodes from devices.
2 - used by the “expose sqltags” functionality. nodes representing exposed tags belong to this namespace.

Namespaces are not extensible or accessible to module developers in any way. Aside from their influence on what a node’s NodeId will be they are not something that anybody needs to be concerned with.

Thanks a lot Kevin.
As regards profiles, I thought the access rights depend upon the user profile? i.e. access rights are given to user roles which are defined inprofiles. Correct me if I am wrong.

regarding ns, I think we need to specify the ns of a node that we want to read or write to from a client. To that extent I think we need to know their ns. However if all exposed tags belong to ns=2 then we can specify ns for every exposed node as 2 in the client read/write method.

What about plc/controller/device tags which are written by their respective drivers? Hope they also have ns=2 and how are their access rights defined?


The user/profile is taken into account and “Access Rights” are set to “Custom”. I just took a closer look and it seems the exposed tags functionality writes using the same user that the UA session belongs to. The authentication profile that the OPC-UA server uses can be configured in the server settings on the gateway, so I suppose you can make things line up so that the UA session user is authenticated against the desired profile and has the desired roles.

All exposed tags are in namespace 2 and all tags provided by a driver are in namespace 1. Access rights are only taken into account for exposed tags.

Thanks a lot Kevin. It makes sense to use the access rights for the client for the exposed tags. Also noted that the device/controller tags have ns=1 and the client access rights apply to it for accessing them. Makes sense.
best regards