[ ] I ran tests locally with my changes, all passed.
[ ] I fixed all failing tests in the CI pipelines.
[ ] I fixed all introduced issues with CodeQL and LGTM.
[ ] I have added tests that prove my fix is effective or that my feature works and increased code coverage.
[ ] I have added necessary documentation (if appropriate).
[ ] Any dependent changes have been merged and published in downstream modules.
Further comments
After investigation I came to the following conclusion:
Creating an MI correctly validates the role permissions.
However, when the user identity is changed after the MI exists, you are still allowed to receive data changes.
Test Setup:
Reference Server
Node: ns=2 nodeId=AccessRights_RolePermissions_ConfigureAdmin
node creation:
Client 1: Configure Admin (sysadmin) -> successfully monitors node
Client 2: Anonymous -> can't create MI
Client 1: -> change user identity to anonymous -> still monitors node
Client 2: -> write node
Client 1: -> receives data change even though it should not be able to
Proposed changes
Adds a validation of the RolePermissions for MonitoredItems monitoring the Value of a Node.
The validation is already in place for event monitored items and is also added for dataChangeMonitoredItems with this PR.
Related Issues
Types of changes
Checklist
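The test setup above, reproduced as an added, self-contained Python model (this is not code from the PR or from the server stack; every class and function name is hypothetical, and the role table is constructed sample data). It contrasts checking RolePermissions only when the monitored item is created with re-checking them each time a data change is queued.

```python
from dataclasses import dataclass, field

# Constructed sample data: only the ConfigureAdmin role may read this node.
NODE = "AccessRights_RolePermissions_ConfigureAdmin"
NODE_ROLE_PERMISSIONS = {NODE: {"ConfigureAdmin"}}

@dataclass
class Session:
    roles: set  # roles granted to the session's current user identity

    def activate(self, roles):
        """Models ActivateSession with a different user identity."""
        self.roles = set(roles)

def may_read(session, node_id):
    return bool(session.roles & NODE_ROLE_PERMISSIONS[node_id])

@dataclass
class MonitoredItem:
    session: Session
    node_id: str
    revalidate: bool  # False: check at creation only, True: check per notification
    queue: list = field(default_factory=list)

    def on_value_written(self, value):
        # With revalidate=True the data change is dropped when the session's
        # *current* identity no longer holds a permitted role.
        if self.revalidate and not may_read(self.session, self.node_id):
            return
        self.queue.append(value)

def create_monitored_item(session, node_id, revalidate):
    # Creation-time check: this part already works in the scenario above.
    if not may_read(session, node_id):
        raise PermissionError("BadUserAccessDenied")
    return MonitoredItem(session, node_id, revalidate)

def run_scenario(revalidate):
    """Returns (client2_denied, values delivered to Client 1)."""
    client1, client2 = Session({"ConfigureAdmin"}), Session({"Anonymous"})
    item = create_monitored_item(client1, NODE, revalidate)
    try:
        create_monitored_item(client2, NODE, revalidate)
        client2_denied = False
    except PermissionError:
        client2_denied = True
    client1.activate({"Anonymous"})  # Client 1 changes identity to anonymous
    item.on_value_written(42)        # node is written (write access not modelled)
    return client2_denied, item.queue

if __name__ == "__main__":
    print("creation-time check only:", run_scenario(False))
    print("check per notification:  ", run_scenario(True))
```
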