Management of user credentials and roles is handled on the central Account
Management server e.g. SDM600 The IED employs two strategies to ensure
availability of the authentication system even if there is a problem with the network or
authentication server:
•
A substation can be equipped with two redundant authentication servers
operating in a hot standby mode.
•
If configured by the security administrator, the IED itself maintains a local replica
in the database with selected users. This database is periodically updated with
data from the server and used as fallback if none of the servers are reachable.
Note that not all users in the SDM600 server are part of the replica. There might be
users that are not assigned to any replication group. IED only replicates those users
which are part of replication group configured in the IED.
This replication can be disabled using PCM600 by the security administrator, which
means that the IED will forward login requests to the SDM600 for authorization and
in case of problems with the network users will not be able to log in to the IED.
If user replication has been disabled in a CAM-enabled IED and if
communication with SDM600 is lost, access to that IED will be
denied until communication is re-established.
All communication between the central management and the IEDs is protected using
secure communication. Customers using SDM600 are required to generate and
distribute certificates during the engineering process of the substation. These
certificates ensure mutual trust between IED and for example SDM600, FTP,
PCM600 and other system.
Table 828:
Authority-related IED functions
Function
Description
Authority status
ATHSTAT
This function is an indication function block for user logon activity.
User denied attempt to logon and user successful logon are reported.
Authority check
ATHCHCK
To safeguard the interests of our customers, both the IED and the tools that are
accessing the IED are protected, by means of authorization handling. The
authorization handling of the IED and the PCM600 is implemented at both access
points to the IED:
•
local, through the local HMI
•
remote, through the communication ports
The IED users can be created, deleted and edited only in the CAM server.
Authority
management
AUTHMAN
This function enables/disables the maintenance menu. It also controls the
maintenance menu logon time out.
For more information on the functions Authority Management (AUTHMAN),
Authority Status (ATHSTAT), and Authority Check (ATHCHCK) functions, refer to
chapter “Basic IED functions” in the Technical Manual.
Section 20
1MRK502052-UEN B
Basic IED functions
1094
Technical manual
Содержание Relion REG670
Страница 1: ...Relion 670 series Generator protection REG670 2 0 IEC Technical manual ...
Страница 2: ......
Страница 44: ...38 ...
Страница 58: ...52 ...
Страница 80: ...74 ...
Страница 106: ...100 ...
Страница 482: ...476 ...
Страница 548: ...542 ...
Страница 570: ...564 ...
Страница 600: ...594 ...
Страница 608: ...602 ...
Страница 630: ...624 ...
Страница 862: ...856 ...
Страница 1094: ...1088 ...
Страница 1226: ...1220 ...
Страница 1250: ...1244 ...
Страница 1297: ...1291 ...