Access rights Explanation
UserAdministration UserAdministration is used to handle user management e.g. adding new user
Setting – Basic Setting – Basic is used for basic settings e.g. control settings and limit supervision
Setting – Advanced Setting – Advanced is used for the relay engineer to set settings e.g. for the protection functions
Control – Basic Control – Basic is used for a normal operator without possibility to bypass safety functions e.g.
interlock or synchro-check bypass
Control – Advanced Control – Advanced is used for an operator that is trusted to do process commands that can be
dangerous
IEDCmd – Basic IEDCmd – Basic is used for commands to the IED that are not critical e.g. Clear LEDs, manual
triggering of disturbances
IEDCmd – Advanced IEDCmd – Advanced is used for commands to the IED that can hide information e.g. Clear
disturbance record
FileTransfer – Limited FileTransfer - Limited is used for access to disturbance files e.g. through FTP
DB Access normal Database access for normal user. This is needed for all users that access data from PCM
Audit log read Audit log read allows reading the audit log from the IED
Setting – Change Setting Group Setting – Change Setting Group is separated to be able to include the possibility to change the
setting group without changing any other setting
Security Advanced Security Advanced is the privilege required to do some of the more advanced security-related
settings
IED users can be created, deleted and edited only in the SDM600 server. From the
LHMI or PCM600, no users can be created nor changed when Central Account
Management has been enabled in the IED. However, user rights are edited using
the PCM600 user tool (IEDUM) and password can be changed from PCM600 or
LHMI.
At delivery
, the IED has a default Administrator defined with full access rights.
PCM600 uses this default user to access the IED. This user is automatically
removed in IED when users are defined in the SDM600 server and replicated to the
IED.
Only characters A - Z, a - z and 0 - 9 shall be used in user names.
User names are not case sensitive. For passwords see the Password
policies.
In order to allow the IED to communicate with PCM600 when
users are defined in the SDM600 server, the access rights
“UserAdministration” and “FileT
ransfer — Limited” must be
applied to at least one user. User rights are assigned using the
PCM600 user tool (IEDUM).
"DB Access normal" and "FileTransfer – Limited" are required for
PCM600 access to the IED.
1MRK 511 399-UEN B Section 5
Central Account Management
670 series 2.2 IEC 67
Cyber security deployment guideline
To Next Page
Loading...
