0010646: AuditEventType misses SessionId field - MantisBT

10000-005: Information Model
- - All Projects
  - .NET API
  - Certification
  - Compliance Test Tool (CTT) COM Classic
  - Compliance Test Tool (CTT) Unified Architecture
  - CTT UA Binary
  - CTT UA Help
  - CTT UA Package
  - CTT UA Scripts
  - CTT UA Test Case
  - OPC Analyzer
  - Safety Compliance Test Tool (UASCTT)
  - UASCTT Documentation
  - UASCTT Software
  - Specifications
  - Classic DA Client
  - Classic DA Server
  - Safety Test Document
  - UA Client - Certification tests
  - UA Server - Certification tests
  - COM/XML Sample Code
  - COM-AE Sample Code
  - COM-DA Sample Code
  - COM-HDA Sample Code
  - XML-DA Sample Code
  - Core Components
  - OpenSCS
  - UA
  - Field eXchange (UAFX)
  - Part 80: UAFX Overview and Concepts [sg.Architecture]
  - Part 81: UAFX Connecting Devices and Information Model [sg.BaseFacet]
  - Part 82: UAFX Networking [sg.Networking]
  - Part 83: UAFX Offline Engineering [sg.OfflineEngineering]
  - Part 84: UAFX Profiles
  - sg.I/O
  - sg.Instrumentation
  - sg.Motion
  - UAFX Nodeset
  - UAFX Testing (CTT) [sg.TestDevelopment]
  - Information Models
  - 10000-100: Devices
  - 10000-110: Asset Management Basics
  - 10000-200: Industrial Automation - Basics
  - 10000-210: Industrial Automation - Relative Spatial Location
  - 10020: Analyzer Device Integration (ADI)
  - 10030: ISA-95
  - 10031: ISA 95 Job Control
  - 10040: IEC 61850
  - 10100-1: WOT Connectivity
  - 11020: Companion Spec Template
  - 30000: PLCopen
  - 30010: AutoID
  - 30020: MDIS
  - 30030: BACnet
  - 30040: AutomationML
  - 30050: PackML
  - 30060: TMC
  - 30070: MTConnect
  - 30081: PADIM
  - 30090: FDT
  - 30110: Powerlink
  - 30120: IO-Link
  - 30130: CCLink (CSP+ForMachine)
  - 30140: PROFINET
  - 30170: ODVA-CIP
  - 30170: ODVA-CIP: 01: Promises
  - 30170: ODVA-CIP: 02: User Stories
  - 30170: ODVA-CIP: 03: Requirements
  - 30200: Commercial Kitchen Equipment
  - 30250: DEXPI
  - 30270: I4AAS
  - 30400: UA Cloud LIbrary
  - 34100: Energy Consumption Management
  - 40001: Machinery
  - 40010: Robotics
  - 40010-1: Robotics-1: Vertical integration
  - 400nn: PlasticsRubber
  - 40077: PlasticsRubber IMM2MES
  - 40082-1: PlasticsRubber TCD
  - 40082-2: PlasticsRubber HotRunner
  - 40082-3: PlasticsRubber LDS
  - 40082-5: PlasticsRubber Moulds
  - 40083: PlasticsRubber
  - 40083: PlasticsRubber GeneralTypes
  - 40084: PlasticsRubber Extrusion
  - 40084-10: PlasticsRubber Extrusion Calibrator
  - 40084-11: PlasticsRubber Extrusion Corrugator
  - 40084-12: PlasticsRubber Extrusion Calender
  - 40084-1: PlasticsRubber Extrusion GeneralTypes
  - 40084-2: PlasticsRubber Extrusion ExtrusionLine
  - 40084-3: PlasticsRubber Extrusion Extruder
  - 40084-4: PlasticsRubber Extrusion HaulOff
  - 40084-5: PlasticsRubber Extrusion MeltPump
  - 40084-6: PlasticsRubber Extrusion Filter
  - 40084-7: PlasticsRubber Extrusion Die
  - 40084-8: PlasticsRubber Extrusion Pelletizer
  - 40084-9: PlasticsRubber Extrusion Cutter
  - 40100: Machine Vision
  - 40100-1: MachineVision-1: Control and more
  - 40200: Weighing Technology
  - 40210: Geometric Measuring Systems
  - 40223: Pumps and Vacuum Pumps
  - 40250: Compressed Air
  - 40301: Flat Glass
  - 40351: High Pressure Die Casting (HPDC)
  - 40400-1: Powertrain
  - 40450: Joining
  - 40450-1: IJT Joining System – Base
  - 40451: Tightening
  - 40451-1: IJT Tightening System – General
  - 40501: MachineTool
  - 40501-1: MachineTool-1: Monitoring and Job
  - 40502: CNC
  - 40550: Woodworking Machinery
  - 4056n: Mining
  - 40560: Mining General
  - 40561: Mining Extraction Equipment
  - 40562: Mining Loading Equipment
  - 40563: Mining Transport And Dumping Equipment
  - 40564: Mining Mineral Processing Equipment
  - 40565: Mining Development And Support Equipment
  - 40566: Mining Monitoring And Supervision Services
  - 40567: Mining PELO Services
  - 40569: Mining Application And Use Cases
  - 40701: Cleaning-Pretreatment Surface Technology
  - UA Specification
  - 10000-001: Concepts
  - 10000-002: Security
  - 10000-003: Address Space
  - 10000-004: Services
  - 10000-005: Information Model
  - 10000-006: Mappings
  - 10000-007: Profiles
  - 10000-008: Data Access
  - 10000-009: Alarms and Conditions
  - 10000-010: Programs
  - 10000-011: Historical Access
  - 10000-012: Discovery
  - 10000-013: Aggregates
  - 10000-014: PubSub
  - 10000-015: Safety
  - UA Safety Stack
  - UA Safety Stack - Documentation
  - UA Safety Stack - Source Code
  - 10000-016: State Machines
  - 10000-017: Alias Names
  - 10000-018: Role-Based Security
  - 10000-019: Dictionary Reference
  - 10000-020: File Transfer
  - 10000-021: Device Onboarding
  - 10000-022: Base Network Model
  - 10000-023: Common ReferenceTypes
  - 10000-024: Scheduler
  - 10000-025: ObjectSerialization
  - 10000-026: LogObject
  - 10000-110: Asset Management Basics
  - 10000-120: XML Data Type Mapping
  - 10000-200: Industrial Automation - Basics
  - 10000-210: Industrial Automation - Relative Spatial Location
  - Code Generators
  - ModelValidator
  - Feature Requests
  - NodeSets, XSDs and Generated Code
  - Website
  - IOP App
  - Online Reference
  - Profiles Application
  - Teams
  - Whitepapers - 22***
  - OPC-11030: UA Modelling Best Practices
  - Wireshark plug-in
anonymous

ID	Project	Category	View Status	Date Submitted	Last Update

0010646	10000-005: Information Model	Spec	public	2025-12-01 07:34	2025-12-01 07:34

Reporter	Adrian Scholl	Assigned To
Priority	normal	Severity	minor	Reproducibility	always
Status	new	Resolution	open

Summary	0010646: AuditEventType misses SessionId field
Description	The OPC UA AuditEvents can be used to trace different user actions (and related errors) which on the OPC UA server. However, it is not possible to tie all AuditEvents of one specific session together and follow the actions. The SessionId field would be usable, but this is only available for the AuditSession*EventTypes. The AuditUpdateEventType (and Subtypes) as well as the AuditSecurityEventType do not contain a SessionId field. This prevents, that the SessionID which caused this action is transmitted in a generic way. Because of that, it is not possible to recover which client caused a certain operation. The included ClientUserId is not unique (as multiple session from different clients may use the same user), nor the AuditEntryId (which is user a controlled/client controlled value) reliable . It would be possible to add the SessionId to the Message, but this would require vendor specific parsing of the messages within an audit system subscribing to these events, which is not a good either. I would suggest adding the SessionId (type: NodeId) as optional field to the AuditEventType. This would allow following all UserActions which have been taken place in a single session.
Tags	No tags attached.

Commit Version
Fix Due Date

Date Modified	Username	Field	Change
2025-12-01 07:34	Adrian Scholl	New Issue