Skip to content
Snippets Groups Projects
Commit c3d643cb authored by Ahmed Osman's avatar Ahmed Osman
Browse files

Update file README.md

parent 6c758a8e
No related branches found
No related tags found
No related merge requests found
Pipeline #314264 passed
...@@ -35,8 +35,34 @@ To await specific messages, S3IBAsyncClient's awaitMessage method can be used. T ...@@ -35,8 +35,34 @@ To await specific messages, S3IBAsyncClient's awaitMessage method can be used. T
demo2_forestmanager_waldbesitzer.py updates the security submodel, then notifies demo2_forestmanager.py using the demo2_forestmanager_waldbesitzer.py updates the security submodel, then notifies demo2_forestmanager.py using the
S3IBAsyncClient's sendUserMessage Method: S3IBAsyncClient's sendUserMessage Method:
`await client.sendUserMessage(forstify_hmi_id, "s3ibs://" + forstify_hmi_id, "Authorized", "Authorized")` `await client.sendUserMessage(forestmanager_hmi_id, "s3ibs://" + forestmanager_hmi_id, "Authorized", "Authorized")`
(foristify_hmi_id here is a naming mistake)
### Security and Authorization
Security-related data can be stored in the security submodel (refer to /model/security.py). It contains AccessControl, a SubmodelElementList of AccessRuleCollection. The latter is a SubmodelElementCollection, that contains a SubmodelElementList of AccessPermissonRule (a SubmodelElementCollection with the user the permission is being granted to, the permission type for example ALLOW, and the permisson for example READ) and the Target (a ReferenceElement that refers to the AAS-Element the rules apply to).
```
rules = [security.AccessPermissionRule(forestmanager_hmi_id,
security.PermissionKind.ALLOW,
security.Permission.READ),
security.AccessPermissionRule(forestmanager_hmi_id,
security.PermissionKind.ALLOW,
security.Permission.WRITE)]
rules_smc = security.AccessPermissionCollection(
target=model.ModelReference.from_referable(aas_dz_wald),
rules=rules
)
access_control = security.AccessControl(permissions=[rules_smc])
security_sm = security.Security("https://www.company.com/security")
security_sm.add_referable(access_control)
```
Since permission-granting decisions are made by the opa-server (if security enabled), this data must provided (in simpler format) to it and continiously updated (if changes occur). This is handled by the S3IBServer Component utilizing the security.py::get_dict_from_security_submodel method.
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment