May 4, 2026 - Improvements in authorization and permission of OPCUA management service endpoints

Change Log Device Management & connectivity
, , ,
1

Context

Change Type: Feature
Product area: Device management & connectivity
Component: OPC UA
Deployed at: eu.latest.cumulocity.com, apj.cumulocity.com, jp.cumulocity.com, cumulocity.com, us.cumulocity.com

Technical details

Build artifact: opcua (1023.2.0)
Internal ID: DM-5342

Description

To improve security and access control for the OPC UA management service, permission requirements have been clarified and enforced for all management API endpoints. Users now need specific OPC UA permissions to interact with the service. To view OPC UA resources — such as device types, OPC UA server configurations, address space nodes, and search results — users require the OPC UA READ permission. To create, update, or delete device types, server configurations, or device type mapping entries, users require the OPC UA ADMIN permission. Administrators can assign the necessary OPC UA permissions to users under Administration > Accounts > Users, Roles.