ABB RELION 670 SERIES Manual page 70

Section 5
Central Account Management
64
Table 7: Default users
User name User rights
SuperUser Full rights, only presented in LHMI. LHMI is logged on by default until other users
are defined
Guest Only read rights, only presented in LHMI. LHMI is logged on by default when
other users are defined (same as VIEWER)
Administrator Full rights. Password: Administrator. This user has to be used when reading out
disturbances with third party FTP-client.
Table 8: Predefined user roles according to IEC 62351-8
User roles Role explanation
VIEWER Viewer
OPERATOR Operator
ENGINEER Engineer
INSTALLER Installer
SECADM Security
administrator
SECAUD Security auditor
RBACMNT RBAC
management
ADMINISTRATOR Administrator
rights
Changes in user management settings do not cause an IED reboot.
The PCM600 tool caches the login credentials after successful login
for 15 minutes. During that time no more login will be necessary.
The successfully activation of Central Account Management will disable built-in
users or remove all local created users from PCM600.
Management of user credentials and roles is handled on the central Account
Management server e.g. SDM600 The IED employs two strategies to ensure
availability of the authentication system even if there is a problem with the network
or authentication server:
User rights
Can read parameters and browse the menus from LHMI
Can read parameters and browse the menus as well as
perform control actions
Can create and load configurations and change settings
for the IED and also run commands and manage
disturbances
Can load configurations and change settings for the IED
Can change role assignments and security settings. Can
deploy certificates.
Can view audit logs
Can change role assignment
Sum of all rights for SECADM, SECAUD and RBACMNT
This User role is vendor specific and
not defined in IEC 62351–8
Cyber security deployment guideline
1MRK 511 399-UEN B
670 series 2.2 IEC