ABB REL650 Technical Manual page 788
Hide thumbs
Also See for REL650:
- Technical manual (856 pages) ,
- Applications manual (516 pages) ,
- Commissioning manual (208 pages)
Table of Contents
Advertisement
Section 18
Security
782
The successfully activation of Central Account Management will disable built-in
users or remove all local created users from PCM600.
Management of user credentials and roles is handled on the central Account
Management server e.g. SDM600 The IED employs two strategies to ensure
availability of the authentication system even if there is a problem with the network
or authentication server:
•
A substation can be equipped with two redundant authentication servers
operating in a hot standby mode.
•
If configured by the security administrator, the IED itself maintains a local
replica in the database with selected users. This database is periodically
updated with data from the server and used as fallback if none of the servers
are reachable.
Note that not all users in the SDM600 server are part of the replica. There might be
users that are not assigned to any replication group. IED only replicates those users
which are part of replication group configured in the IED.
This replication can be disabled using PCM600 by the security administrator,
which means that the IED will forward login requests to the SDM600 for
authorization and in case of problems with the network users will not be able to log
in to the IED.
If user replication has been disabled in a CAM-enabled IED and if
communication with SDM600 is lost, access to that IED will be
denied until communication is re-established.
All communication between the central management and the IEDs is protected
using secure communication. Customers using SDM600 are required to generate
and distribute certificates during the engineering process of the substation. These
certificates ensure mutual trust between IED and for example SDM600, FTP,
PCM600 and other system.
Table 581:
Authority-related IED functions
Function
Description
Authority status
This function is an indication function block for user logon activity.
ATHSTAT
User denied attempt to logon and user successful logon are reported.
Authority check
To safeguard the interests of our customers, both the IED and the tools that
ATHCHCK
are accessing the IED are protected, by means of authorization handling. The
authorization handling of the IED and the PCM600 is implemented at both
access points to the IED:
•
•
The IED users can be created, deleted and edited only in the CAM server.
Authority
This function enables/disables the maintenance menu. It also controls the
management
maintenance menu logon time out.
AUTHMAN
local, through the local HMI
remote, through the communication ports
1MRK 506 382-UEN A
Line distance protection REL650 2.2 IEC
Technical manual
Hide quick links:
Advertisement
Table of Contents
