User role system from B&R Industrial Electronics
© B&R Industrie-Elektronik

The user role system in B&R's 'Automation Studio' automation software makes it easier to manage access authorizations in OPC UA. Unauthorized users cannot access the OPC UA system, change data or perform actions. Any number of roles can be defined, and each role can be assigned individual access rights for each node. Typical access types include read, write and browse. A node can also be made completely invisible to a role. To save configuration effort, a node can inherit the rights of its higher-level node. One or more roles are assigned to a user, and access is protected by an encrypted password. The user role system can be expanded during operation: for example, a system operator can be added with a new user name and password, or removed. These functions are called from the user program of the control system via function blocks. Digital certificates in accordance with the X.509 standard can be used in the OPC UA system for the secure and trustworthy exchange of data.
