OPC UA separates Application authentication (the client/server X.509 certificate) from User authentication (the actual end-user login), which can be Anonymous, Username/Password, or User Certificate.
True
OPC UA security is layered on two axes. Application authentication answers "which software is connecting" via the X.509 Application Instance Certificate. User authentication answers "which human or service is operating that software" and is carried through the Session: it can be Anonymous, Username + Password, an X.509 user certificate, or a Kerberos/IssuedToken. This lets a single client application be used by ten different operators with different rights, and lets the server grant Anonymous read-only access while requiring Username/Password for write or Method calls.
Disable Anonymous access entirely as soon as you reach commissioning: even read-only Anonymous endpoints leak the full Address Space structure to any scanner on the network.
OPC UA bank in preparation
The full OPC UA bank isn't available yet. Drop your email to get notified at launch and grab an early-bird discount.
Join the waitlist →See the 9 other OPC UA practice questions
Related questions
- OPC UA supports two communication patterns: Client/Server (the classic Request/Response model) and Pub/Sub (publish/subscribe over MQTT or UDP multicast/unicast), the latter introduced in version 1.04 to address Industrie 4.0 use cases.1. Architecture · Client/Server vs. Pub/Sub
- The OPC UA Address Space is a hierarchical structure of Nodes linked by typed References (HasComponent, HasProperty, HasTypeDefinition, etc.), exposed as a graph that clients can walk through the Browse service.1. Architecture · Address Space
- The main OPC UA Service Sets are: Discovery, SecureChannel, Session, NodeManagement, View, Query, Attribute (Read/Write), MonitoredItem, Subscription, and Method (Call).3. Services · Hauptsächliche Service Sets
- PA-DIM (Process Automation Device Information Model) is an OPC UA Companion Specification for process transmitters (temperature, pressure, flow, level), standardising 70+ parameters that are read identically on Endress+Hauser, Yokogawa, Siemens and ABB devices.6. Companion Specs · PA-DIM
- UaExpert (Unified Automation) is the reference free OPC UA client for Windows, Linux and macOS: it browses the Address Space, reads and writes values, subscribes to changes, calls Methods and manages certificates, and is an indispensable tool for any OPC UA integrator.7. Tools · UaExpert