User roles proposal

doc/Security.xml

@@ -1053,7 +1053,11 @@
       <para>
         <itemizedlist>
           <listitem>
-            <para><emphasis>roles</emphasis>: Access class. One of the authenticated classes of the default access policy prefixed with the string <emphasis>onvif:</emphasis>, i.e. "onvif:Administrator", "onvif:Operator" or "onvif:User" as defined also within the ONVIF Core Specification. This access level will be used to authorize access to the required function.</para>
+            <para><emphasis>roles</emphasis>: Access role. One or more user roles, either
+              pre-defined ones or prefixed with the string <emphasis>onvif:</emphasis> .i.e.
+              "onvif:Administrator", "onvif:Operator" or "onvif:User" as defined also within the
+              ONVIF Core Specification,  or custom ones defined on the device. These access roles
+              will be used to authorize access to the required function.</para>
           </listitem>
         </itemizedlist>
       </para>

doc/Uplink.xml

@@ -65,6 +65,14 @@
         </author>
         <revremark>Add support for WebSocket protocol and token authorization.</revremark>
       </revision>
+      <revision>
+        <revnumber>25.06</revnumber>
+        <date>June 2025</date>
+        <author>
+          <personname>Ottavio Campana</personname>
+        </author>
+        <revremark>Add support for user roles.</revremark>
+      </revision>
     </revhistory>
   </info>
   <chapter>
@@ -340,8 +348,8 @@
           <para>CertificateID : ID of the certificate to be used for client authentication.</para>
         </listitem>
         <listitem>
-          <para>UserLevel : Authorization level that will be assigned to the uplink
-            connection</para>
+          <para>UserLevel : List of authorization levels and roles that will be used to restrict the
+            commands that will be accepted through the uplink connection.</para>
         </listitem>
         <listitem>
           <para>Status :  Current connection status</para>

wsdl/ver10/device/wsdl/devicemgmt.wsdl

@@ -10,7 +10,7 @@ IN NO EVENT WILL THE CORPORATION OR ITS MEMBERS OR THEIR AFFILIATES BE LIABLE FO
 -->
 <wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:tds="http://www.onvif.org/ver10/device/wsdl" targetNamespace="http://www.onvif.org/ver10/device/wsdl">
 	<wsdl:types>
-		<xs:schema targetNamespace="http://www.onvif.org/ver10/device/wsdl" xmlns:tt="http://www.onvif.org/ver10/schema" xmlns:tds="http://www.onvif.org/ver10/device/wsdl" elementFormDefault="qualified" version="23.12">
+		<xs:schema targetNamespace="http://www.onvif.org/ver10/device/wsdl" xmlns:tt="http://www.onvif.org/ver10/schema" xmlns:tds="http://www.onvif.org/ver10/device/wsdl" elementFormDefault="qualified" version="25.06">
 			<xs:import namespace="http://www.onvif.org/ver10/schema" schemaLocation="../../../ver10/schema/onvif.xsd"/>
 			<!--===============================-->
 			<xs:element name="GetServices">
@@ -272,6 +272,11 @@ IN NO EVENT WILL THE CORPORATION OR ITS MEMBERS OR THEIR AFFILIATES BE LIABLE FO
                     				<xs:documentation>Supported hashing algorithms as part of HTTP and RTSP Digest authentication.Example: MD5,SHA-256</xs:documentation>
 					</xs:annotation>
 				</xs:attribute>
+				<xs:attribute name="MaxUserRoles" type="xs:int">
+					<xs:annotation>
+                    				<xs:documentation>Whenever set to an integer greater than zero, it signals that the device supports editable user levels. It indicates the maximum number of editable user levels.</xs:documentation>
+					</xs:annotation>
+				</xs:attribute>
 				<xs:anyAttribute processContents="lax"/>
 			</xs:complexType>
 			<!--===============================-->
@@ -906,6 +911,53 @@ IN NO EVENT WILL THE CORPORATION OR ITS MEMBERS OR THEIR AFFILIATES BE LIABLE FO
 				</xs:complexType>
 			</xs:element>
 			<!--===============================-->
+			<xs:element name="GetUserRoles">
+				<xs:complexType>
+					<xs:sequence>
+						<xs:element name="UserRole" type="tt:UserRole" minOccurs="0" maxOccurs="1">
+						</xs:element>
+					</xs:sequence>
+				</xs:complexType>
+			</xs:element>
+			<xs:element name="GetUserRolesResponse">
+				<xs:complexType>
+					<xs:sequence>
+						<xs:element name="UserRoles" type="tt:UserRole" minOccurs="0" maxOccurs="unbounded">
+						</xs:element>
+					</xs:sequence>
+				</xs:complexType>
+			</xs:element>
+			<!--===============================-->
+			<xs:element name="SetUserRole">
+				<xs:complexType>
+					<xs:sequence>
+						<xs:element name="UserRole" type="tt:UserRole" minOccurs="1" maxOccurs="1">
+						</xs:element>
+					</xs:sequence>
+				</xs:complexType>
+			</xs:element>
+			<xs:element name="SetUserRoleResponse">
+				<xs:complexType>
+					<xs:sequence>
+					</xs:sequence>
+				</xs:complexType>
+			</xs:element>
+			<!--===============================-->
+			<xs:element name="DeleteUserRole">
+				<xs:complexType>
+					<xs:sequence>
+						<xs:element name="UserRole" type="tt:UserRole" minOccurs="1" maxOccurs="1">
+						</xs:element>
+					</xs:sequence>
+				</xs:complexType>
+			</xs:element>
+			<xs:element name="DeleteUserRoleResponse">
+				<xs:complexType>
+					<xs:sequence>
+					</xs:sequence>
+				</xs:complexType>
+			</xs:element>
+			<!--===============================-->
 			<xs:element name="GetWsdlUrl">
 				<xs:complexType>
 					<xs:sequence>
@@ -2501,6 +2553,24 @@ IN NO EVENT WILL THE CORPORATION OR ITS MEMBERS OR THEIR AFFILIATES BE LIABLE FO
 	<wsdl:message name="SetUserResponse">
 		<wsdl:part name="parameters" element="tds:SetUserResponse"/>
 	</wsdl:message>
+	<wsdl:message name="GetUserRolesRequest">
+		<wsdl:part name="parameters" element="tds:GetUserRoles"/>
+	</wsdl:message>
+	<wsdl:message name="GetUserRolesResponse">
+		<wsdl:part name="parameters" element="tds:GetUserRolesResponse"/>
+	</wsdl:message>
+	<wsdl:message name="SetUserRoleRequest">
+		<wsdl:part name="parameters" element="tds:SetUserRole"/>
+	</wsdl:message>
+	<wsdl:message name="SetUserRoleResponse">
+		<wsdl:part name="parameters" element="tds:SetUserRoleResponse"/>
+	</wsdl:message>
+	<wsdl:message name="DeleteUserRoleRequest">
+		<wsdl:part name="parameters" element="tds:DeleteUserRole"/>
+	</wsdl:message>
+	<wsdl:message name="DeleteUserRoleResponse">
+		<wsdl:part name="parameters" element="tds:DeleteUserRoleResponse"/>
+	</wsdl:message>
 	<wsdl:message name="GetWsdlUrlRequest">
 		<wsdl:part name="parameters" element="tds:GetWsdlUrl"/>
 	</wsdl:message>
@@ -3096,6 +3166,24 @@ IN NO EVENT WILL THE CORPORATION OR ITS MEMBERS OR THEIR AFFILIATES BE LIABLE FO
 			<wsdl:input message="tds:GetEndpointReferenceRequest"/>
 			<wsdl:output message="tds:GetEndpointReferenceResponse"/>
 		</wsdl:operation>
+		<wsdl:operation name="GetUserRoles">
+			<wsdl:documentation>This operation returns the editable user levels configured in the device. Whenever an editable
+				user level is passed in the request, information only about that level is returned.</wsdl:documentation>
+			<wsdl:input message="tds:GetUserRolesRequest"/>
+			<wsdl:output message="tds:GetUserRolesResponse"/>
+		</wsdl:operation>
+		<wsdl:operation name="SetUserRole">
+			<wsdl:documentation>This operation configures an editable user level in the device. If the level
+				passed in UserRole already exists in the device, its configuration is overwritten. Otherwise,
+				a new editable user level is created.</wsdl:documentation>
+			<wsdl:input message="tds:SetUserRoleRequest"/>
+			<wsdl:output message="tds:SetUserRoleResponse"/>
+		</wsdl:operation>
+		<wsdl:operation name="DeleteUserRole">
+			<wsdl:documentation>This operation deletes an editable user level in the device.</wsdl:documentation>
+			<wsdl:input message="tds:DeleteUserRoleRequest"/>
+			<wsdl:output message="tds:DeleteUserRoleResponse"/>
+		</wsdl:operation>
 		<wsdl:operation name="GetRemoteUser">
 			<wsdl:documentation>This operation returns the configured remote user (if any). A device supporting remote user
 				handling shall support this operation. The user is only valid for the WS-UserToken profile or
@@ -3876,6 +3964,33 @@ IN NO EVENT WILL THE CORPORATION OR ITS MEMBERS OR THEIR AFFILIATES BE LIABLE FO
 				<soap:body use="literal"/>
 			</wsdl:output>
 		</wsdl:operation>
+		<wsdl:operation name="GetUserRoles">
+			<soap:operation soapAction="http://www.onvif.org/ver10/device/wsdl/GetUserRoles"/>
+			<wsdl:input>
+				<soap:body use="literal"/>
+			</wsdl:input>
+			<wsdl:output>
+				<soap:body use="literal"/>
+			</wsdl:output>
+		</wsdl:operation>
+		<wsdl:operation name="SetUserRole">
+			<soap:operation soapAction="http://www.onvif.org/ver10/device/wsdl/SetUserRole"/>
+			<wsdl:input>
+				<soap:body use="literal"/>
+			</wsdl:input>
+			<wsdl:output>
+				<soap:body use="literal"/>
+			</wsdl:output>
+		</wsdl:operation>
+		<wsdl:operation name="DeleteUserRole">
+			<soap:operation soapAction="http://www.onvif.org/ver10/device/wsdl/DeleteUserRole"/>
+			<wsdl:input>
+				<soap:body use="literal"/>
+			</wsdl:input>
+			<wsdl:output>
+				<soap:body use="literal"/>
+			</wsdl:output>
+		</wsdl:operation>
 		<wsdl:operation name="GetWsdlUrl">
 			<soap:operation soapAction="http://www.onvif.org/ver10/device/wsdl/GetWsdlUrl"/>
 			<wsdl:input>

wsdl/ver10/schema/onvif.xsd

@@ -3828,6 +3828,22 @@ decoding .A decoder shall decode every data it receives (according to its capabi
 		</xs:restriction>
 	</xs:simpleType>
 	<!--===============================-->
+	<xs:complexType name="UserRole">
+		<xs:sequence>
+			<xs:element name="Name" type="xs:string">
+				<xs:annotation>
+					<xs:documentation>Name of the editable user level.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Functions" type="tt:StringList">
+				<xs:annotation>
+					<xs:documentation>Names of the permitted function for the editable user level. The names must be prepended by the namespace and colon.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+		<xs:anyAttribute processContents="lax"/>
+	</xs:complexType>
+	<!--===============================-->
 	<xs:complexType name="User">
 		<xs:sequence>
 			<xs:element name="Username" type="xs:string">
@@ -3852,6 +3868,11 @@ decoding .A decoder shall decode every data it receives (according to its capabi
 	<!--===============================-->
 	<xs:complexType name="UserExtension">
 		<xs:sequence>
+			<xs:element name="Roles" type="tt:StringList" minOccurs="1" maxOccurs="1">
+				<xs:annotation>
+					<xs:documentation>The names of the roles assigned to the user.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
 			<xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>   <!-- first Vendor then ONVIF -->
 		</xs:sequence>
 	</xs:complexType>

wsdl/ver10/uplink/wsdl/uplink.wsdl

@@ -81,8 +81,8 @@ IN NO EVENT WILL THE CORPORATION OR ITS MEMBERS OR THEIR AFFILIATES BE LIABLE FO
 					<xs:element name="CertificateID" type="xs:string" minOccurs="0">
 						<xs:annotation><xs:documentation>ID of the certificate to be used for client authentication.</xs:documentation></xs:annotation>
 					</xs:element>
-					<xs:element name="UserLevel" type="xs:string">
-						<xs:annotation><xs:documentation>Authorization level that will be assigned to the uplink connection.</xs:documentation></xs:annotation>
+					<xs:element name="UserLevel" type="tt:StringList">
+						<xs:annotation><xs:documentation>List of authorization levels and roles that will be used to retrict the commands that will be accepted through the uplink connection.</xs:documentation></xs:annotation>
 					</xs:element>
 					<xs:element name="Status" type="xs:string" minOccurs="0">
 						<xs:annotation><xs:documentation>Current connection status (see tup:ConnectionStatus for possible values).</xs:documentation></xs:annotation>