Table 7: Default users
User name User rights
SuperUser Full rights, only presented in LHMI. LHMI is logged on by default until other users
are defined
Guest Only read rights, only presented in LHMI. LHMI is logged on by default when
other users are defined (same as VIEWER)
Administrator Full rights. Password: Administrator. This user has to be used when reading out
disturbances with third party FTP-client.
Table 8: Predefined user roles according to IEC 62351-8
User roles Role explanation User rights
VIEWER Viewer Can read parameters and browse the menus from LHMI
OPERATOR Operator Can read parameters and browse the menus as well as
perform control actions
ENGINEER Engineer Can create and load configurations and change settings
for the IED and also run commands and manage
disturbances
INSTALLER Installer Can load configurations and change settings for the IED
SECADM Security
administrator
Can change role assignments and security settings. Can
deploy certificates.
SECAUD Security auditor Can view audit logs
RBACMNT RBAC
management
Can change role assignment
ADMINISTRATOR Administrator
rights
Sum of all rights for SECADM, SECAUD and RBACMNT
This User role is vendor specific and
not defined in IEC 62351–8
Changes in user management settings do not cause an IED reboot.
The PCM600 tool caches the login credentials after successful login
for 15 minutes. During that time no more login will be necessary.
The successfully activation of Central Account Management will disable built-in
users or remove all local created users from PCM600.
Management of user credentials and roles is handled on the central Account
Management server e.g. SDM600 The IED employs two strategies to ensure
availability of the authentication system even if there is a problem with the network
or authentication server:
Section 5 1MRK 511 399-UEN B
Central Account Management
64 670 series 2.2 IEC
Cyber security deployment guideline
To Next Page
Loading...
