diff --git a/documentation/IDTA-01004/modules/ROOT/pages/annex/json-access-rule-examples.adoc b/documentation/IDTA-01004/modules/ROOT/pages/annex/json-access-rule-examples.adoc
index 7f4636f..eac2b06 100644
--- a/documentation/IDTA-01004/modules/ROOT/pages/annex/json-access-rule-examples.adoc
+++ b/documentation/IDTA-01004/modules/ROOT/pages/annex/json-access-rule-examples.adoc
@@ -26,6 +26,13 @@ include::partial$examples/allow-read-complete-api.json[]
 include::partial$examples/allow-read-list-semanticids.json[]
 ----
+== Allow READ access for Anonymous to submodels only if machine not-running
+
+[source,json,linenums]
+----
+include::partial$examples/allow-read-list-semanticids-machinestate.json[]
+----
+
 == Allow READ and UPDATE for specific authenticated users
 [source,json,linenums]
diff --git a/documentation/IDTA-01004/modules/ROOT/pages/annex/text-access-rule-examples.adoc b/documentation/IDTA-01004/modules/ROOT/pages/annex/text-access-rule-examples.adoc
index cfc7c1c..2d42b4d 100644
--- a/documentation/IDTA-01004/modules/ROOT/pages/annex/text-access-rule-examples.adoc
+++ b/documentation/IDTA-01004/modules/ROOT/pages/annex/text-access-rule-examples.adoc
@@ -26,6 +26,13 @@ include::partial$examples/allow-read-complete-api.bnf[]
 include::partial$examples/allow-read-list-semanticids.bnf[]
 ----
+== Allow READ access for Anonymous to submodels only if machine not-running
+
+[source,bnf,linenums]
+----
+include::partial$examples/allow-read-list-semanticids-machinestate.bnf[]
+----
+
 == Allow READ and UPDATE for specific authenticated users
 [source,bnf,linenums]
diff --git a/documentation/IDTA-01004/modules/ROOT/partials/examples/allow-read-list-semanticids-machinestate.bnf b/documentation/IDTA-01004/modules/ROOT/partials/examples/allow-read-list-semanticids-machinestate.bnf
new file mode 100644
index 0000000..4d8316b
--- /dev/null
+++ b/documentation/IDTA-01004/modules/ROOT/partials/examples/allow-read-list-semanticids-machinestate.bnf
@@ -0,0 +1,15 @@
+ACCESSRULE:
+ ATTRIBUTES:
+ GLOBAL(ANONYMOUS)
+ RIGHTS: READ
+ ACCESS: ALLOW
+ OBJECTS:
+ ROUTE "*"
+ FORMULA:
+ $and(
+ REFERENCE($sme("SubmodelID-OperationalData").machineState#value) $eq "not-running",
+ $or(
+ $sm#semanticId $eq "SemanticID-Nameplate",
+ $sm#semanticId $eq "SemanticID-TechnicalData"
+ )
+ )
diff --git a/documentation/IDTA-01004/modules/ROOT/partials/examples/allow-read-list-semanticids-machinestate.json b/documentation/IDTA-01004/modules/ROOT/partials/examples/allow-read-list-semanticids-machinestate.json
new file mode 100644
index 0000000..c914c0a
--- /dev/null
+++ b/documentation/IDTA-01004/modules/ROOT/partials/examples/allow-read-list-semanticids-machinestate.json
@@ -0,0 +1,64 @@
+{
+ "AllAccessPermissionRules": {
+ "rules": [
+ {
+ "ACL": {
+ "ATTRIBUTES": [
+ {
+ "GLOBAL": "ANONYMOUS"
+ }
+ ],
+ "RIGHTS": [
+ "READ"
+ ],
+ "ACCESS": "ALLOW"
+ },
+ "OBJECTS": [
+ {
+ "ROUTE": "*"
+ }
+ ],
+ "FORMULA": {
+ "$and": [
+ {
+ "$eq": [
+ {
+ "REFERENCE": {
+ "$sme(\"SubmodelID-OperationalData\").machineState#value"
+ }
+ },
+ {
+ "$strVal": "not-running"
+ }
+ ]
+ },
+ {
+ "$or": [
+ {
+ "$eq": [
+ {
+ "$field": "$sm#semanticId"
+ },
+ {
+ "$strVal": "SemanticID-Nameplate"
+ }
+ ]
+ },
+ {
+ "$eq": [
+ {
+ "$field": "$sm#semanticId"
+ },
+ {
+ "$strVal": "SemanticID-TechnicalData"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ]
+ }
+}
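Review bot: Anonymous READ on `ROUTE "*"` is gated by `REFERENCE($sme("SubmodelID-OperationalData").machineState#value) $eq "not-running"`, but the example does not say how that comparison evaluates when the referenced element is missing or cannot be resolved. For an ALLOW rule the safe reading is that an unresolved reference makes the formula false. The accompanying section should say so, for example `If machineState cannot be resolved, the formula evaluates to false and no access is granted.`, provided that matches the intended semantics. It is also worth stating that whoever may update `machineState` effectively controls anonymous access, so write access to that element needs its own restrictive rule.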
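Review bot: The `REFERENCE` member in the first `$eq` operand is not valid JSON, because its value is an object holding a bare string with no member name: `{ "$sme(\"SubmodelID-OperationalData\").machineState#value" }`. A strict JSON parser rejects the whole document, so the example cannot be loaded or schema-validated as written, and a reader may "repair" it in a way that changes what the rule permits. If the schema expects the reference as a plain string, the operand would read `{ "REFERENCE": "$sme(\"SubmodelID-OperationalData\").machineState#value" }`. The exact shape should be checked against the JSON schema, which is not visible in this diff.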