.. _access-control:

Access Control Plugin API
=========================
The access control callback is used to authenticate sessions and grant access
rights accordingly.

.. code-block:: c

   
   struct UA_AccessControl;
   typedef struct UA_AccessControl UA_AccessControl;
   
   struct UA_AccessControl {
       void *context;
       void (*deleteMembers)(UA_AccessControl *ac);
   
       /* Supported login mechanisms. The server endpoints are created from here. */
       size_t userTokenPoliciesSize;
       UA_UserTokenPolicy *userTokenPolicies;
       
       /* Authenticate a session. The session context is attached to the session and
        * later passed into the node-based access control callbacks. */
       UA_StatusCode (*activateSession)(UA_Server *server, UA_AccessControl *ac,
                                        const UA_NodeId *sessionId,
                                        const UA_ExtensionObject *userIdentityToken,
                                        void **sessionContext);
   
       /* Deauthenticate a session and cleanup */
       void (*closeSession)(UA_Server *server, UA_AccessControl *ac,
                            const UA_NodeId *sessionId, void *sessionContext);
   
       /* Access control for all nodes*/
       UA_UInt32 (*getUserRightsMask)(UA_Server *server, UA_AccessControl *ac,
                                      const UA_NodeId *sessionId, void *sessionContext,
                                      const UA_NodeId *nodeId, void *nodeContext);
   
       /* Additional access control for variable nodes */
       UA_Byte (*getUserAccessLevel)(UA_Server *server, UA_AccessControl *ac,
                                     const UA_NodeId *sessionId, void *sessionContext,
                                     const UA_NodeId *nodeId, void *nodeContext);
   
       /* Additional access control for method nodes */
       UA_Boolean (*getUserExecutable)(UA_Server *server, UA_AccessControl *ac,
                                       const UA_NodeId *sessionId, void *sessionContext,
                                       const UA_NodeId *methodId, void *methodContext);
   
       /* Additional access control for calling a method node in the context of a
        * specific object */
       UA_Boolean (*getUserExecutableOnObject)(UA_Server *server, UA_AccessControl *ac,
                                               const UA_NodeId *sessionId, void *sessionContext,
                                               const UA_NodeId *methodId, void *methodContext,
                                               const UA_NodeId *objectId, void *objectContext);
   
       /* Allow adding a node */
       UA_Boolean (*allowAddNode)(UA_Server *server, UA_AccessControl *ac,
                                  const UA_NodeId *sessionId, void *sessionContext,
                                  const UA_AddNodesItem *item);
   
       /* Allow adding a reference */
       UA_Boolean (*allowAddReference)(UA_Server *server, UA_AccessControl *ac,
                                       const UA_NodeId *sessionId, void *sessionContext,
                                       const UA_AddReferencesItem *item);
   
       /* Allow deleting a node */
       UA_Boolean (*allowDeleteNode)(UA_Server *server, UA_AccessControl *ac,
                                     const UA_NodeId *sessionId, void *sessionContext,
                                     const UA_DeleteNodesItem *item);
   
       /* Allow deleting a reference */
       UA_Boolean (*allowDeleteReference)(UA_Server *server, UA_AccessControl *ac,
                                          const UA_NodeId *sessionId, void *sessionContext,
                                          const UA_DeleteReferencesItem *item);
   };