User Authorization; Local User Account Management - ABB RELION REX640 Operation Manual

Protection and control

Hide thumbs Also See for RELION REX640:

Technical manual (1960 pages)

Engineering manual (156 pages)

Operation manual (140 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

Table of Contents

REX640 overview

3.7

User authorization

The user management for the protection relay can be handled in two possible ways.

Only one user management way can be enabled in the protection relay at a time.

For more information, see the cyber security deployment guideline.

Local user account management

Four factory default user accounts (VIEWER, OPERATOR, ENGINEER and

ADMINISTRATOR) have been predefined for the LHMI and the WHMI, each with

different rights and default passwords. The roles for these user accounts are the

same as the username. Additional user accounts can be added for the protection

relay.

IED Users in PCM600 is used to manage the user accounts. Each protection relay

supports eight fixed roles and 50 user accounts belonging to any one of these roles.

Each user account can be mapped to a maximum of eight roles.

The factory default passwords can be changed with Administrator user rights or

by the users themselves. Relay user passwords can be changed using the LHMI, IED

Users in PCM600 or the WHMI. Only Administrator can create user accounts and

update the roles-to-rights mapping. Administrator can also reset the passwords of

the users.

User authorization is disabled by default for the LHMI and can be enabled with

Local override parameter via the menu path Configuration > Authorization >

the

Passwords. WHMI always requires authentication. Changes in user management

settings do not cause the protection relay to reboot. The changes are taken into use

immediately after committing the changed settings.

Central account management

The user accounts and roles can be created and authenticated centrally in a CAM

server. CAM needs to be activated in the protection relay from Account Management

in PCM600.

A CAM server can be an Active Directory (AD) server such as Windows AD. There can

also be a secondary or redundant CAM server configured which can act as a backup

CAM server if the primary CAM server is not accessible.

The protection relay is the CAM client and can maintain its own replica database

of the user accounts and roles configured in the CAM server. This CAM replica

database acts as a backup authentication mechanism if primary and secondary

CAM servers are not accessible from the protection relay.

Each protection relay supports eight roles and 50 user accounts in the CAM replica

database. Each user account can be mapped to a maximum of eight roles.

For more information on user management and security logging, see the

cyber security deployment guideline.

For user authorization for PCM600, see the PCM600 documentation.

1MRS759118 D

REX640

Operation Manual

Table of Contents

User Authorization; Local User Account Management - ABB RELION REX640 Operation Manual

User authorization

Local user account management

Related Manuals for ABB RELION REX640

Related Content for ABB RELION REX640

Table of Contents