GE G30 Instruction Manual page 196

PRODUCT SETUP
DEVICE AUTHENTICATION —
authentication with roles is enabled. When this setting is disabled, the UR only authenticates to the AAA server (RADIUS).
However, the Administrator and Supervisor (when enabled) remain active even after device authentication is disabled and
their only permission is to re-enable Device authentication. To re-enable Device authentication, the Supervisor unlocks the
device for settings changes, then the Administrator re-enables device authentication.
— The bypass security feature provides an easier access, with no authentication and encryption for those
BYPASS ACCESS
special situations when this is considered safe. Only the Supervisor, or the Administrator when the Supervisor role is
disabled, can enable this feature.
Mode
Normal mode
Bypass access mode
The bypass options are as follows:
• Local — Bypasses authentication for push buttons, keypad, RS232, and RS485
• Remote — Bypasses authentication for Ethernet
• Local and Remote — Bypasses authentication for push buttons, keypad, RS232, RS485, and Ethernet
• Pushbuttons — Bypasses authentication for front panel push buttons only
— This setting uses a Boolean value (Enabled/Disabled) to indicate if the device accepts settings changes and
LOCK RELAY
whether the device can receive a firmware upgrade. This setting can be changed by the Supervisor role, if it is enabled, or
by the Administrator if the Supervisor role is disabled. The Supervisor role disables this setting for the relay to start
accepting settings changes, command changes, or firmware upgrade. After all the setting changes are applied or
5
commands executed, the Supervisor enables to lock settings changes.
Example: If this setting is enabled and an attempt is made to change settings or upgrade the firmware, the UR device
denies the settings changes or denies upgrading the firmware. If this setting is disabled, the UR device accepts settings
changes and firmware upgrade.
This role is disabled by default.
FACTORY SERVICE MODE
Supervisor authentication is necessary. The default value is Disabled.
— When Enabled, the Supervisor role is active. To Disable this setting a Supervisor authentication is
SUPERVISOR ROLE
necessary. If disabled, the Supervisor role is not allowed to log in. In this case, the Administrator can change the settings
under the Supervisory menu.
If enabled, Supervisor authentication is required to change the settings in the Supervisory menu. If the Supervisor disables
their role after authentication, the Supervisor session remains valid until they switch to another role using MMI or until they
end the current Supervisor session if using communications.
This role is disabled by default.
SERIAL INACTIVITY TIMEOUT
separate timer is maintained for RS232 and RS485 connections. The default value is 1 minute.
Self-tests
SETTINGS  PRODUCT SETUP  SECURITY  SUPERVISORY  SELF TESTS
 SELF TESTS

5-22
This setting is enabled by default, meaning "Yes" is selected. When enabled, Device
Front panel or serial (RS232, RS485)
Authentication — Role Based Access Control (RBAC)
and passwords in clear
No passwords for allowed RBAC levels
— When Enabled, the device can go into factory service mode. For this setting to become enabled a
— The role logged via a serial port is auto logged off after the Serial Inactivity timer times out. A
 FAILED

 AUTHENTICATE
FIRMWARE LOCK:

Enabled
SETTINGS LOCK:

Enabled
Ethernet
Authentication — RBAC and passwords encrypted
SSH tunneling
No passwords for allowed RBAC levels
No SSH tunneling
See below
Range: Enabled, Disabled
Range: Enabled, Disabled
G30 GENERATOR PROTECTION SYSTEM – INSTRUCTION MANUAL
CHAPTER 5: SETTINGS