Skip to main content

General

UNS Topic Permissions

Control access to UNS Explorer nodes using path-based role permissions.

Proxus allows administrators to control which parts of the Unified Namespace (UNS) each role can access. This is done through UNS Topic Permissions, where you define path prefixes that are either allowed or denied for specific roles.

How It Works

Each role can have multiple UNS Topic Permissions configured. Each permission has:

UNS Path-based Permissions List
UNS Path-based Permissions List

FieldDescription
Path PrefixThe UNS path to control (e.g., Apex_Automotive/Body_Shop)
Access TypeAllow or Deny
Is EnabledToggle to enable/disable the permission

Allow/Deny Configuration Detail
Allow/Deny Configuration Detail

Permission Evaluation Logic

Proxus uses a "Longest Prefix Match Wins" algorithm:

info

Most specific rule wins. If a user has both an Allow and Deny rule that match a path, the longer (more specific) prefix takes precedence.

Example

RuleType
Apex_AutomotiveDeny
Apex_Automotive/Body_ShopAllow
Apex_Automotive/UtilitiesAllow

Result:

  • Apex_Automotive → Denied (14 chars)
  • Apex_Automotive/Paint_Shop → Denied (inherits from Apex_Automotive)
  • Apex_Automotive/Body_Shop → Allowed (26 chars > 14 chars)
  • Apex_Automotive/Body_Shop/BIW_Line → Allowed (inherits from Body_Shop)
  • Apex_Automotive/Utilities → Allowed

Configuring Permissions via Role Editor

Go to Administration → Roles and select or create a role.

Open UNS Topic Permissions

Click the UNS Topic Permissions tab.

Add Permission

Click New to add a permission.

Configure

Enter the Path Prefix (e.g., Apex_Automotive/Body_Shop), select Access Type (Allow or Deny), and ensure Is Enabled is checked.

Save

Click Save to apply the changes.

Quick Permission Assignment (Admin Context Menu)

Administrators can quickly assign permissions directly from the UNS Explorer:

UNS Explorer Admin Context Menu
UNS Explorer Admin Context Menu

Open UNS Explorer

Navigate to Data Management → UNS Explorer.

Right-Click on Node

Right-click on any node in the tree.

Select Action

Choose Allow Access to Role... or Deny Access for Role....

Select Role

Pick a role from the popup and click Apply.

The permission is immediately saved to the selected role.

Best Practices

lightbulb

Start Restrictive, Then Allow Specific Paths. A common pattern is to deny access at a high level and then allow specific areas.

Example Pattern

  1. Deny: Apex_Automotive (blocks everything by default)
  2. Allow: Apex_Automotive/Body_Shop (operators can see Body Shop)
  3. Allow: Apex_Automotive/Utilities (maintenance can see Utilities)

Path Format

  • Use forward slashes / as separators
  • Paths are case-sensitive
  • No leading or trailing slashes needed
  • Example: Enterprise/Site/Area/Line/Device

Troubleshooting

IssueSolution
User sees no data in UNS ExplorerCheck if role has any Allow permissions configured
User sees data they shouldn'tCheck for overly broad Allow rules or missing Deny rules
Permission changes not taking effectUser may need to log out and back in
Deny rule not blocking accessA more specific Allow rule may be overriding it
← Previous
Authentication Providers
Next →
System Audit Trail