4.7
Authorization
GUID-981A881D-9229-45E8-9EE5-D6DF2CA457E5 v6
User roles with different user rights are predefined in the IED. It is recommended to use user defined
users instead of the predefined built-in users.
The IED users can be created, deleted and edited only with PCM600. One user can belong to one or
several user roles. By default, the users in Table
are created in the IED, and when creating new
users, the predefined roles from Table
can be used.
At delivery, the IED user has full access as SuperUser until users are created with
PCM600.
Table 7:
Default users
User name
User rights
SuperUser
Full rights, only presented in LHMI. LHMI is logged on by default until other users are defined
Guest
Only read rights, only presented in LHMI. LHMI is logged on by default when other users are
defined (same as VIEWER)
Administrator
Full rights. Password: Administrator. This user has to be used when reading out disturbances
with third party FTP-client.
Table 8:
Predefined user roles according to IEC 62351-8
User roles
Role explanation User rights
VIEWER
Viewer
Can read parameters and browse the menus from LHMI
OPERATOR
Operator
Can read parameters and browse the menus as well as perform control
actions
ENGINEER
Engineer
Can create and load configurations and change settings for the IED and
also run commands and manage disturbances
INSTALLER
Installer
Can load configurations and change settings for the IED
SECADM
Security
administrator
Can change role assignments and security settings. Can deploy
certificates.
SECAUD
Security auditor
Can view audit logs
RBACMNT
RBAC
management
Can change role assignment
ADMINISTRATOR
Administrator
rights
Sum of all rights for SECADM, SECAUD and RBACMNT
This User role is vendor specific and not defined in
IEC 62351–8
Changes in user management settings do
not
cause an IED reboot.
After three consecutive failed login attempts the user will be locked out for ten
minutes before a new attempt to login can be performed. This time is settable 10
minutes to 60 minutes.
The PCM600 caches the login credentials after successful login for 15 minutes.
During that time no more login will be necessary.
1MRK 500 131-UEN Rev. C
Section 4
Overview
Switchgear control unit SAM600-IO
21
Operation manual
© 2017 - 2021 Hitachi Power Grids. All rights reserved