ValidateRolePermissions for MIs montioring the Value of a Node #2808
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Proposed changes
Adds a validation of the RolePermissions for MonitoredItems monitoring the Value of a Node.
The validation is already in place for event monitored items and is also added for dataChangeMonitoredItems with this PR.
Related Issues
Types of changes
Checklist
Further comments
After investigation I came to the following conclusion:
creating a MI is correctly validating the role permissions
however changing the user identity after the MI exists you are still allowed to receive data changes.
Test Setup:
Reference Server
Node: ns=2 nodeId=AccessRights_RolePermissions_ConfigureAdmin
node creation:
Client 1: Configure Admin (sysadmin) ->sucessfully monitor node
Client 2: Anonymous -> cant create MI
Client 1: -> change user identity to anonymous -> still monitors node
Client 2: -> write node
Client 1-> receives Data change even though it should not be able to